Bug 695142

Summary: autofs & LDAP, client certificates do not work
Product: [Fedora] Fedora
Reporter: Ondrej Moriš <omoris>
Component: autofs
Assignee: Ian Kent <ikent>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: rawhide
CC: ikent
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of: 695141
Last Closed: 2012-06-25 01:54:07 UTC
Bug Depends On: 695141
Attachments: Test (flags: none)

Description Ondrej Moriš 2011-04-10 21:30:31 UTC
Created attachment 491112: Test

+++ This bug was initially created as a clone of Bug #695141 +++

Created attachment 491111: Test

Description of problem:

When configuring autofs through LDAP such that the server requires client certificates, the connection does not work, i.e. the mountpoint cannot be accessed. When client verification is dropped (but SSL/TLS and server verification are still enabled), everything works fine. According to the man page of auto.master, the automounter should be able to read the OpenLDAP client configuration (/etc/openldap/ldap.conf and ldaprc) and it is (server verification works fine), but it seems that client certificates are omitted.

Version-Release number of selected component (if applicable):

autofs-5.0.5-37.fc16

How reproducible:

Always

Steps to Reproduce:

1. Configure autofs to work with OpenLDAP over SSL/TLS with both server and client certificates, create a mountpoint setup on the LDAP server, and try to access it.
  
Additional info:

For a detailed reproducer including all necessary configuration, see the attached test; it is written using beakerlib (install the beakerlib package). Run it as root from the test directory by 'bash runtesh.sh'.

Comment 1 Ian Kent 2012-06-25 01:54:07 UTC
Closing this bug, see bug 695141 for more information.
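
Added example, not part of the bug report, its attachment, or autofs: a check for one documented libldap behaviour worth ruling out with this symptom. Per ldap.conf(5), `TLS_CERT` and `TLS_KEY` are user-only options that are ignored in the system-wide `ldap.conf`. The report does not establish this as the cause, and the paths and hostname below are constructed.

```python
# Added example: audit where OpenLDAP client TLS identity options are set.
# Per ldap.conf(5), TLS_CERT and TLS_KEY are user-only: libldap ignores them
# in the system-wide ldap.conf and reads them only from ldaprc / ~/.ldaprc
# or from the LDAPTLS_CERT / LDAPTLS_KEY environment variables.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

def parse_conf(text):
    """Return {OPTION: value} from ldap.conf-style text (last setting wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(system_conf, user_conf="", env=None):
    """Return (effective client identity options, list of findings)."""
    env = env or {}
    sys_opts, usr_opts = parse_conf(system_conf), parse_conf(user_conf)
    findings = [f"{opt} in system-wide ldap.conf is ignored (user-only option)"
                for opt in sorted(USER_ONLY & sys_opts.keys())]
    effective = {}
    for opt in sorted(USER_ONLY):
        value = env.get("LDAP" + opt) or usr_opts.get(opt)  # env overrides ldaprc
        if value:
            effective[opt] = value
    if len(effective) == 1:
        missing = (USER_ONLY - effective.keys()).pop()
        findings.append(f"{missing} is not set: no usable client identity")
    elif not effective:
        findings.append("no client certificate configured where libldap reads it")
    return effective, findings

# Constructed sample input (hypothetical paths and hostname).
SYSTEM_CONF = """\
URI ldaps://ldap.example.test
TLS_CACERT /etc/openldap/certs/ca.pem
TLS_REQCERT demand
TLS_CERT /etc/openldap/certs/client.pem
TLS_KEY /etc/openldap/certs/client.key
"""
USER_CONF = """\
TLS_CERT /etc/openldap/certs/client.pem
TLS_KEY /etc/openldap/certs/client.key
"""

if __name__ == "__main__":
    for label, user in (("system-wide only", ""), ("with ldaprc", USER_CONF)):
        print(label, *audit(SYSTEM_CONF, user), sep="\n  ")
```

With the system-wide file alone, the server CA settings still apply (so server verification succeeds) while no client identity is in effect, which matches the symptom described in the report.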