Your message dated Mon, 18 Aug 2014 08:10:09 -0700
with message-id
<CAMXH3QBsE=Nyxho6rFPyeEx=1kQfVn++-RPkQUNK53jjmt8=p...@mail.gmail.com>
and subject line Re: Strange behavior using libldap2 with gnutls
has caused the Debian Bug report #421649,
regarding Strange behavior using libldap2 with gnutls
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
421649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libldap2
Version: 2.1.30-13.3
This version of libldap2 uses gnutls (libgnutls13) for secure
communications.
Using Debian's libnss-ldap (Version 251-7.5) and an authenticated secure
channel towards a Microsoft Active Directory LDAP server, certificates
verification was ok, data transfer was ok too, but we experienced hangs
at the end of the transfer.
Transcript:
root@srv# getent passwd
root:x:0:0:root:/root:/bin/sh
user1:x:501:500:/home/user1:/bin/sh
...
user125:x:625:500:/home/user125:/bin/sh # This is our last LDAP user, that's fine
<And then nothing happens. The request hangs forever.>
<Only way to exit: Ctrl-C or wait for ldap.conf's timelimit>
root@srv#
What we tried:
- Recompile libldap using openssl instead of gnutls
- Recompile libnss_ldap to point to our new libldap.
- Result: things worked fine.
Our ldap.conf says (for the important sections):
# ldap.conf
uri ldaps://our.server:636/
binddn someuserDN
bindpw someuserPW
ssl yes
tls_cacertdir /etc/ssl/cacerts/
tls_checkpeer yes
######
Regards,
Jerome.
--- End Message ---
--- Begin Message ---
Hi, thanks for the quick answer!
On Mon, Aug 18, 2014 at 7:55 AM, Jerome Oufella
<[email protected]> wrote:
> Sadly it's been a long time, and I don't have access to this environment
> anymore, so I can't tell you.
In that case I am closing this bug, as I don't see another way I can
help with it and haven't seen any recent reports of similar problems.
Anyone who experiences the same symptoms in future is welcome to
reopen it.
thanks,
Ryan
--- End Message ---