Bug 292611 - SSL test in ldap start script is bogus
SSL test in ldap start script is bogus
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Safranek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-16 16:55 EDT by Jan Engelhardt
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: openldap-2.3.38-2.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-18 07:08:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Engelhardt 2007-09-16 16:55:20 EDT
Description of problem:
In /etc/init.d/ldap the SSL test is bogus:

if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
    harg="$harg ldaps:///"
fi

TLS is *not* SSL and instead runs over ldap:/// or ldapi:///. As such, TLS
presence should not implicitly activate ldaps!
Fix:

if [ "$SLAPD_LDAPS" == yes ]; then
    harg="$harg ldaps:///";
fi;

Version-Release number of selected component (if applicable):
openldap-servers-2.3.38-1.fc8.i386.rpm
Dates back to at least FC6 where I found the bug too.
Comment 1 Jan Safranek 2007-09-18 06:58:35 EDT
fixed as you suggested - see SLAPD_LDAPS in /etc/sysconfig/ldap

Note You need to log in before you can comment on or make changes to this bug.