Bug 727511
Summary: | ldclt SSL search requests are failing with "illegal error number -1" error | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Sankar Ramalingam <sramling> | ||||
Component: | Command Line Utilities | Assignee: | Nathan Kinder <nkinder> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 1.2.9 | CC: | edewata, nhosoi, nkinder, rmeggins | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-12-10 18:40:17 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 690318, 708096, 726742 | ||||||
Attachments: |
|
Description
Sankar Ramalingam
2011-08-02 10:43:07 UTC
Created attachment 516559 [details]
0001-Bug-727511-ldclt-SSL-search-requests-are-failing-wit.patch
To ssh://git.fedorahosted.org/git/389/ds.git 9ad83ba..aea218c master -> master commit aea218c41961502b1cbdfc4c082ed494db6a49a7 Author: Rich Megginson <rmeggins> Date: Wed Aug 3 12:04:52 2011 -0600 Reviewed by: nkinder (Thanks!) Branch: master Fix Description: Make all code in ldclt use the same function for creating and binding to an LDAP*. Add code to initialize TLS/SSL when using openldap . If using cert client auth, add code to authenticate to the token using the given password. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no I could still reproduce the problem after upgrading the existing instance to 389-ds-base latest. rpm -qi 389-ds-base Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.8.2 Vendor: Red Hat, Inc. Release : 1.el6_1.9 Build Date: Thu 11 Aug 2011 10:50:39 PM EDT Install Date: Tue 16 Aug 2011 09:18:45 PM EDT Build Host: x86-012.build.bos.redhat.com Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.8.2-1.el6_1.9.src.rpm ldclt -Z /etc/dirsrv/slapd-weelie/cert8.db -e esearch -p 1636 -h 10.65.201.68 -D "cn=Directory Manager" -w Secret123 -b "dc=testldclt,dc=com" -f "cn=new" -n 1 -N 10 -T 10 -I '-1' -I 32 -W 1 ldclt version 4.23 ldclt[25826]: Starting at Thu Aug 25 12:34:30 2011 ldclt[25826]: T000: Cannot ldap_simple_bind_s (cn=Directory Manager, Secret123), error=-1 (Can't contact LDAP server) ldclt[25826]: Illegal error number -1 ldclt[25826]: T000: Cannot ldap_simple_bind_s (cn=Directory Manager, Secret123), error=-1 (Can't contact LDAP server) tail -f /var/log/dirsrv/slapd-weelie/access [25/Aug/2011:12:33:53 -0400] conn=867 fd=69 slot=69 SSL connection from 10.65.201.68 to 10.65.201.68 [25/Aug/2011:12:33:53 -0400] conn=867 op=-1 fd=69 closed - Peer does not recognize and trust the CA that issued your certificate. [25/Aug/2011:12:34:06 -0400] conn=868 fd=69 slot=69 SSL connection from 10.65.201.68 to 10.65.201.68 [25/Aug/2011:12:34:06 -0400] conn=868 op=-1 fd=69 closed - Peer does not recognize and trust the CA that issued your certificate. [25/Aug/2011:12:34:31 -0400] conn=869 fd=69 slot=69 SSL connection from 10.65.201.68 to 10.65.201.68 [25/Aug/2011:12:34:31 -0400] conn=869 op=-1 fd=69 closed - Peer does not recognize and trust the CA that issued your certificate. Right. This issue is not fixed for 6.1.z or DS9.0. It will be fixed for 6.2.0/DSIPA2.1 |