[email protected] wrote:
> Full_Name: Dirk Kastens
> Version: 2.4.39
> OS: RedHat SL 6.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:638:508:3d0:12a:32c6:740c:8971)
>
>
> We installed an ldap cluster with a mirrored master and several replicas on
> RedHat SL 6.5 with openldap 2.4.23-34.el6_5.1.x86_64. Write requests to the
> replicas are referred to the master server. The chain overlay follows the
> referral. It connects with the saslmech EXTERNAL to the master. The master maps
> the DN of the certificate to the replica admin. The replica admin has its
> authzTo attribute set to the write admin. This way the writing perfectly worked
> on our replica servers for all admins that are listed in the authzTo attribute.
> Shortly the machines were updated to SL 6.6 with openldap 2.4.39-8.el6.x86_64.
> The proxyauth stopped working. Write requests to the replica servers end with
> the error
> "ldap_modify: Other (e.g., implementation specific) error (80)".

Without debug output from slapd there's no evidence of an OpenLDAP software bug here. Most likely the TLS library changed between your two versions and you're missing a TLS option now.

Regardless, you're using a Red Hat build which contains their own unknown patches to the code. The OpenLDAP Project cannot support these builds since we don't know exactly what they are, but they are known to break OpenLDAP functionality on a routine basis. e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1095976

Ask Red Hat for support on their build. Closing this ITS.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
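
The setup described in the report, sketched as slapd.conf fragments for a replica and the master. This is an added example, not the reporter's configuration and not code from the OpenLDAP Project; every host name, DN and file path is a placeholder, and the explicit tls_* settings on the chain bind are an assumption about which TLS options such a setup has to carry.

```conf
# ---- replica: global section, before the first "database" line ----
# The chain overlay follows the referral to the master on behalf of the client.
overlay                chain
chain-uri              "ldap://master.example.org"
# Bind to the master with the replica's client certificate (SASL EXTERNAL)
# and assert the identity of the user who issued the write (mode=self).
# The TLS material is named here explicitly so the outgoing connection does
# not depend on library or ldap.conf defaults that may change with an upgrade.
chain-idassert-bind    bindmethod="sasl"
                       saslmech="EXTERNAL"
                       mode="self"
                       starttls="critical"
                       tls_cacert="/etc/openldap/certs/ca.pem"
                       tls_cert="/etc/openldap/certs/replica.pem"
                       tls_key="/etc/openldap/certs/replica.key"
                       tls_reqcert="demand"
# Return the master's real result code to the client instead of the referral.
chain-return-error     TRUE

# ---- master: global section ----
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/master.pem
TLSCertificateKeyFile  /etc/openldap/certs/master.key
# SASL EXTERNAL only yields an identity if the client certificate is verified.
TLSVerifyClient        demand
# Map the certificate subject DN to the replica admin entry.
authz-regexp           "^cn=replica1\.example\.org,ou=servers,o=example$"
                       "cn=replica-admin,dc=example,dc=org"
# Honour authzTo values stored on the authenticated (replica admin) entry.
authz-policy           to

# ---- master: replica admin entry (LDIF, shown as a comment) ----
# dn: cn=replica-admin,dc=example,dc=org
# authzTo: dn.exact:cn=write-admin,dc=example,dc=org
#
# With "authz-policy to", anyone who can write authzTo on an entry can grant
# that entry the right to act as other users, so ACLs on the master should
# restrict write access to the authzTo attribute to administrators.
```

If writes through the replica fail after an upgrade, running slapd on the replica and on the master with `-d stats` (or a higher debug level) shows whether the TLS handshake, the EXTERNAL bind or the proxy authorization step is the one being rejected.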
