Description of problem:

Version-Release number of selected component (if applicable):
1.4.15-2

How reproducible:

Steps to Reproduce:
1. Take Oracle Enterprise Linux 6.1
2. Install 389 Directory with SSL or take a working one.
3. Install epel repository and latest nagios-plugins-ldap
4. Run /usr/lib64/nagios/plugins/check_ldaps -H <389 hostname> -S -p <389 port> -b <389's base DN> -v

Actual results:
ldap_bind: Can't contact LDAP server (-1)
additional info: TLS error -8172:Unknown code ___f 20
Could not bind to the LDAP server

Expected results:
LDAP OK - 0,008 seconds response time|time=0,007882s;;;0,000000

Additional info:
All works fine with non SSL check_ldap. Same version of nagios-plugins works fine under RedHat (OEL) 5.7. A version built with rpmbuild from sources has the same problem.
Eugene,

Would you mind testing nagios-plugins 1.4.16 (that has just been pushed for rawhide) and see if the problem still persists?

From the nagios-plugins 1.4.16 release notes (http://nagiosplugins.org/nagiosplugins-1.4.16):
---------
...
Fixes:
...
* Fix check_ldap overriding the port when --ssl was specified after -p
...
--------

tia,
jpo
With 1.4.16 I get a more descriptive message:

ldap_bind: Can't contact LDAP server (-1)
additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
Could not bind to the LDAP server

Really, Thawte introduced intermediate certificates, so now we have a certificate chain for this server. But any certificate in the chain must be trusted.

openssl shows:

depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server
verify return:1
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
verify return:1
depth=1 C = US, O = "Thawte, Inc.", CN = Thawte SSL CA
verify return:1
depth=0 ...our company certificate...
verify return:1
---
Certificate chain
 0 s:<...our company certificate...>
   i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server
 3 s:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=...our company certificate...
issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA
---
Acceptable client certificate CA names
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=Thawte, Inc./CN=Thawte SSL CA
---
SSL handshake has read 4686 bytes and written 451 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: 0956B35F076A8B2973EBA918F4D84537ADC446BDF6C3E75A381EE1B11B9B1C8E
    Session-ID-ctx:
    Master-Key: BC465280405936A93F1E1983BFAE851118D2B95650A96882E280862E2DA05E125456F178B11973B2B31601056328B5C2
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1342070086
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
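Added example, not part of the original comment or of nagios-plugins: a small parser for the "Certificate chain" section of `openssl s_client` output like the one above. It checks that each issuer matches the next subject and lists the CA subjects to compare against the client's trust store. The sample input, its placeholder DNs and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout `openssl s_client` prints for the
# "Certificate chain" section; DNs are shortened placeholders.
SAMPLE = """\
depth=0 CN = ldap.example.test
verify return:1
---
Certificate chain
 0 s:/CN=ldap.example.test
   i:/C=US/O=Example, Inc./CN=Example SSL CA
 1 s:/C=US/O=Example, Inc./CN=Example SSL CA
   i:/C=US/O=Example, Inc./CN=Example Primary Root CA
 2 s:/C=US/O=Example, Inc./CN=Example Primary Root CA
   i:/C=ZA/O=Example Consulting/CN=Example Premium Server CA
 3 s:/C=ZA/O=Example Consulting/CN=Example Premium Server CA
   i:/C=ZA/O=Example Consulting/CN=Example Premium Server CA
---
Server certificate
"""

# One chain entry: "<n> s:<subject>" followed by "i:<issuer>" on the next line.
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s*i:(.*)$", re.MULTILINE)


def parse_chain(s_client_output):
    """Return [(index, subject, issuer), ...] from the 'Certificate chain' section."""
    section = s_client_output.split("Certificate chain", 1)[1].split("\n---", 1)[0]
    return [(int(i), s.strip(), iss.strip()) for i, s, iss in ENTRY.findall(section)]


def audit_chain(chain):
    """Check issuer -> next-subject linkage and summarise the CAs in the chain."""
    broken = [idx for (idx, _, iss), (_, nxt_subj, _) in zip(chain, chain[1:])
              if iss != nxt_subj]
    _, top_subject, top_issuer = chain[-1]
    return {
        # Indexes whose issuer is not the subject of the next certificate sent.
        "broken_links": broken,
        # Set only when the last certificate is its own issuer.
        "self_signed_root": top_subject if top_subject == top_issuer else None,
        # CA subjects to look up in the trust store the LDAP client uses.
        "ca_subjects": [subj for _, subj, _ in chain[1:]],
    }


if __name__ == "__main__":
    print(audit_chain(parse_chain(SAMPLE)))
```

A "Verify return code: 0 (ok)" from openssl only reflects the trust store openssl used; the `ca_subjects` list is what to check in the store the failing client reads.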
nagios-plugins-2.1.4-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ada3d2a1f
nagios-plugins-2.1.4-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dc9e470823
nagios-plugins-2.1.4-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67
nagios-plugins-2.1.4-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698
nagios-plugins-2.1.4-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b
nagios-plugins-2.1.4-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b
nagios-plugins-2.1.4-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ada3d2a1f
nagios-plugins-2.1.4-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67
nagios-plugins-2.1.4-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dc9e470823
nagios-plugins-2.1.4-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698
nagios-plugins-2.1.4-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.1.4-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.1.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.1.4-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.