Bug 1247675 - slapd will not work properly after upgrading to RHEL 6.7
slapd will not work properly after upgrading to RHEL 6.7
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap (Show other bugs)
x86_64 Linux
medium Severity medium
: rc
: ---
Assigned To: Matus Honek
Patrik Kis
Depends On: 1249092
  Show dependency treegraph
Reported: 2015-07-28 11:17 EDT by sebastian.luna.valero
Modified: 2016-08-05 08:41 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-08-05 08:41:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description sebastian.luna.valero 2015-07-28 11:17:08 EDT
Description of problem:
Did "yum update" to update OpenLDAP server from RHEL 6.6 to RHEL 6.7 and after the update the OpenLDAP server was not working.

Version-Release number of selected component (if applicable):
Updating from:
RHEL 6.6, OpenLDAP 2.4.39

to:RHEL 6.7 and, OpenLDAP 2.4.40

How reproducible:

Steps to Reproduce:
1. yum update on the OpenLDAP server with RHEL 6.6

Additional info:
My solution was to revert back the server to RHEL 6.6 and OpenLDAP 2.4.39.

It might be related to this:

and a configuration problem on my end. I am using slapd.conf with:
TLSProtocolMin 3.1
TLSCipherSuite HIGH

Please let me know if you need further information.
Comment 2 Jan Synacek 2015-07-29 03:34:58 EDT
If you require TLS1.1 to be used, your configuration should only set TLSProtocolMin:

TLSProtocolMin 3.2

See slapd-config(5), option olcTLSProtocolMin.
Comment 3 sebastian.luna.valero 2015-08-05 08:51:43 EDT

I will try that. However, just to let you know that I was following Red Hat resolution for POODLE vulnerability as explained here:

So slapd should still work properly after upgrading, is that right?
Comment 9 Matus Honek 2016-08-05 08:41:11 EDT
This bug should be resolved with resolving bug 1249092. Thus closing as NEXTRELEASE.

Note You need to log in before you can comment on or make changes to this bug.