Red Hat Bugzilla – Bug 117924
nss_ldap: everything crashes when "ssl start_tls" is used.
Last modified: 2007-11-30 17:07:00 EST
I've just installed a RHAS3U1 + all updates (including nss_ldap-207-5)
and tried to configure it to use LDAP. I am having a problem where
everything (id, login, ssh, etc) dies on all requests (even root can
not log in!). However if I comment out the "ssl start_tls" in
/etc/ldap.conf , then everything works correctly.
I am aware that there are many other "things crash in pam_ldap" bugs
in Bugzilla already, but it was not clear whether this one is a dup or
not (the specific details seem different).
Is there an update for this bug?
This happens with "ssl on" as well as "ssl start_tls".
There is an earlier duplicate report of this bug at #111492 , and a
report for the same bug in rh9 at #85728.
Bug 111492 is the bug I'm having as I didn't see this issue until I
had an entry for subjectAltName. Good to know. Incidentally, I've
opened a support ticket with RH's support department as we're an
enterprise customer and they've said the following:
"This ldap-start_tls event is a known bug. It has been handed to the
engineering department and they are working on a fix. A timeframe has
not been given at this point as to when the solution will be posted.
We are working on it."
After the latest round of updates (RHBA-2004-224), I can no longer
reproduce this. Should this be marked CLOSED -> ERRATA?
I'm seeing the same behavior as you, Aleksey. I believe this error
has been fixed by the latest openssl errata.
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.