Bug 292611 - SSL test in ldap start script is bogus
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jan Safranek
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-09-16 20:55 UTC by Jan Engelhardt
Modified: 2007-11-30 22:12 UTC (History)

Fixed In Version: openldap-2.3.38-2.fc8
Doc Type: Bug Fix
Last Closed: 2007-09-18 11:08:10 UTC

Description Jan Engelhardt 2007-09-16 20:55:20 UTC
Description of problem:
In /etc/init.d/ldap the SSL test is bogus:

if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
    harg="$harg ldaps:///"
fi

TLS is *not* SSL and instead runs over ldap:/// or ldapi:///. As such, TLS
presence should not implicitly activate ldaps!
Fix:

if [ "$SLAPD_LDAPS" == yes ]; then
    harg="$harg ldaps:///";
fi;

Version-Release number of selected component (if applicable):
openldap-servers-2.3.38-1.fc8.i386.rpm
Dates back to at least FC6 where I found the bug too.

Comment 1 Jan Safranek 2007-09-18 10:58:35 UTC
Fixed as you suggested - see SLAPD_LDAPS in /etc/sysconfig/ldap.
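
Added example, not part of the original report or of the Fedora init script: it runs the old and the fixed test side by side against a constructed slapd.conf that only configures certificates, showing when ldaps:/// ends up in the listener list. The function names, the initial "ldap:///" value and the sample config are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: listener list built by the old test vs. the fixed test.
# Function names, the initial "ldap:///" value and the sample config are
# assumptions made for this demonstration.

# Old test: any line starting with "TLS" in slapd.conf adds ldaps:///.
listeners_old() {    # $1 = slapd.conf path, $2 = SLAPD_LDAPS value
    harg="ldap:///"
    if grep -q ^TLS "$1" || test "x$2" = xyes ; then
        harg="$harg ldaps:///"
    fi
    printf '%s\n' "$harg"
}

# Fixed test: only SLAPD_LDAPS=yes adds ldaps:///.
listeners_fixed() {  # $1 = slapd.conf path (unused), $2 = SLAPD_LDAPS value
    harg="ldap:///"
    if [ "$2" = yes ]; then
        harg="$harg ldaps:///"
    fi
    printf '%s\n' "$harg"
}

# Constructed slapd.conf: certificates configured, no ldaps listener requested.
write_sample_conf() {  # $1 = destination path
    cat > "$1" <<'EOF'
include         /etc/openldap/schema/core.schema
TLSCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile    /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
database        bdb
suffix          "dc=example,dc=com"
EOF
}

# Print both results for SLAPD_LDAPS=no and SLAPD_LDAPS=yes.
conf=$(mktemp)
write_sample_conf "$conf"
for ldaps in no yes; do
    echo "SLAPD_LDAPS=$ldaps old:   $(listeners_old "$conf" "$ldaps")"
    echo "SLAPD_LDAPS=$ldaps fixed: $(listeners_fixed "$conf" "$ldaps")"
done
rm -f "$conf"
```

With SLAPD_LDAPS=no the old test still adds ldaps:/// because of the TLS* directives; the fixed test adds it only for SLAPD_LDAPS=yes.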

