Bug 97675 - LDAP TLS Encryption Fails
Status: CLOSED DUPLICATE of bug 51352
Product: Red Hat Linux (Classification: Retired)
Component: openldap
Version: 9
Platform: All Linux
Priority: high, Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Jay Turner
Depends On: 51352 97676
Reported: 2003-06-19 00:39 EDT by Gabriel Donnell
Modified: 2015-01-07 19:05 EST
Last Closed: 2003-06-19 04:25:42 EDT
Doc Type: Bug Fix

Attachments:
/var/log/messages (5.23 KB, text/plain), 2003-06-19 00:42 EDT, Gabriel Donnell

Description Gabriel Donnell 2003-06-19 00:39:42 EDT
Description of problem:
LDAP does not work when TLS encryption is used on LDAP clients.

Version-Release number of selected component (if applicable):
2.0.27-8

How reproducible:
Always

Steps to Reproduce:
1. Configure a Red Hat Linux 9.0 LDAP server:
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
2. Configure a Red Hat Linux 9.0 LDAP client with TLS encryption disabled:
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-pam.html
3. If no user accounts were added to the LDAP database with the migration tools,
   then add a test user account.
4. Create a local home directory for the LDAP user on the LDAP client host.
5. Confirm there is no local account for the LDAP user on the LDAP client host.
6. Log in without GDM (su, ssh, a tty login screen, etc) to confirm it works.
7. Enable TLS encryption on the LDAP client host.
8. Log in without GDM (su, ssh, a tty login screen, etc) to verify failure.

Actual results:
The error message below is printed by the LDAP client or logged in the /var/log/messages file.
ldap_starttls_s: Connect error

Expected results:
TLS encryption to work with LDAP clients.

Additional info:
An excerpt from the /var/log/messages file on the LDAP client system is
attached.

Several lines show LDAP TLS start failure messages.  They are followed by
successful testuser0 login sessions from the login (tty1), su, and sshd
utilities.
Comment 1 Gabriel Donnell 2003-06-19 00:42:25 EDT
Created attachment 92478 [details]
/var/log/messages
Comment 2 Gabriel Donnell 2003-06-19 00:53:01 EDT
Do not use GDM to log in to the LDAP client host because it does not work.
I reported this in the 97676 ticket.
Comment 3 Gabriel Donnell 2003-06-19 04:23:59 EDT
Hello,

I resolved the problem.  I followed the resolution provided by Nalin Dahyabhai
in the 51352 ticket.  I had to regenerate the /usr/share/ssl/certs/slapd.pem
file with the LDAP server host name that the LDAP client was configured to use.
I did that earlier, but forgot to change the group and permissions so the ldapd
user could read the file.

Sorry for submitting this ticket.  I did not read and follow the resolution
in the 51352 ticket carefully.

This information should be documented.  Maybe I overlooked it.  I did not
see this in the Red Hat Reference Guide or the LDAP Linux HOWTO.

*** This bug has been marked as a duplicate of 51352 ***
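Comment 3 names two conditions the server's certificate file has to meet before clients can start TLS: the subject CN must be the host name the clients are configured to use, and the file must be readable by the account slapd runs as. The following check script is an added example, not code from the bug report or from the openldap project; the certificate path, host name and group name are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the bug report or openldap): verify the two
# conditions from comment 3 for slapd's certificate file.
#
# usage: check_slapd_cert CERT_FILE EXPECTED_HOST LDAP_GROUP
# Returns 0 when the certificate CN equals EXPECTED_HOST and LDAP_GROUP can
# read the file, 1 otherwise (each problem found is reported on stderr).
check_slapd_cert() {
    cert="$1"; want_host="$2"; ldap_group="$3"
    status=0

    if [ ! -f "$cert" ]; then
        echo "$cert: no such file" >&2
        return 1
    fi

    # 1. The subject CN must be the host name the clients' ldap.conf points
    #    at; a mismatch shows up on the client as "ldap_starttls_s: Connect error".
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" != "$want_host" ]; then
        echo "CN mismatch: certificate is for '$cn', clients use '$want_host'" >&2
        status=1
    fi

    # 2. slapd drops privileges to the ldap user, so the file must be owned by
    #    that user's group with the group read bit set (e.g. root:ldap, 640).
    group=$(stat -c '%G' "$cert")
    perms=$(stat -c '%A' "$cert")                 # e.g. -rw-r-----
    group_read=$(printf '%s' "$perms" | cut -c5)  # group triplet's r bit
    world_read=$(printf '%s' "$perms" | cut -c8)  # other triplet's r bit
    if [ "$group" != "$ldap_group" ] || [ "$group_read" != "r" ]; then
        echo "not readable by group $ldap_group: group=$group perms=$perms" >&2
        status=1
    fi
    # A combined slapd.pem usually holds the private key as well, so making
    # it world-readable is the wrong way to fix the permission problem.
    if [ "$world_read" = "r" ]; then
        echo "warning: $cert is world-readable; keep the private key group-only" >&2
    fi
    return $status
}
```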
