Hello, I am sorry for the inconveniences. I have filed a bug about this: https://bugzilla.redhat.com/show_bug.cgi?id=1375432 This should be fixed with next release.
Regards. Steve Zeng <[email protected]> writes: > Thanks for the LDAP tool box packages. I will give it a try. > > Quick questions, I ran ldd to find out which TLS/SSL library and it shows: > > # ldd /usr/sbin/slapd > > linux-vdso.so.1 => (0x00007fff5b044000) > libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f3a36585000) > libdb-4.7.so => /lib64/libdb-4.7.so (0x00007f3a36211000) > libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f3a35ff6000) > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f3a35dbf000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3a35ba5000) > libssl3.so => /usr/lib64/libssl3.so (0x00007f3a35965000) > libsmime3.so => /usr/lib64/libsmime3.so (0x00007f3a35739000) > libnss3.so => /usr/lib64/libnss3.so (0x00007f3a353fa000) > libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f3a351cd000) > libplds4.so => /lib64/libplds4.so (0x00007f3a34fc9000) > libplc4.so => /lib64/libplc4.so (0x00007f3a34dc4000) > libnspr4.so => /lib64/libnspr4.so (0x00007f3a34b85000) > libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3a34968000) > libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f3a3475d000) > libc.so.6 => /lib64/libc.so.6 (0x00007f3a343c8000) > libdl.so.2 => /lib64/libdl.so.2 (0x00007f3a341c4000) > libfreebl3.so => /lib64/libfreebl3.so (0x00007f3a33f4d000) > libz.so.1 => /lib64/libz.so.1 (0x00007f3a33d36000) > librt.so.1 => /lib64/librt.so.1 (0x00007f3a33b2e000) > /lib64/ld-linux-x86-64.so.2 (0x00007f3a3679c000) > libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f3a33914000) > > > # rpm -qf /usr/lib64/libssl3.so > > nss-3.21.0-8.el6.x86_64 > > > > Will that (the line containing libssl3.so) confirm it is the MozNSS libs? > > I also tried the other settings and all clients immediately could not > connect. It that a suggested settings for this purpose, or it is simply due > to the wrong value I gave? > > olcTLSCipherSuite: ALL:!TLSv1.0:!TLSv1.1:!SSLv3 > > > Thanks, > Steve > > > > On 9/12/16, 4:26 AM, "openldap-technical on behalf of Clément OUDOT" > <[email protected] on behalf of > [email protected]> wrote: > >> >> >>Le 11/09/2016 à 03:25, Steve Zeng a écrit : >>> Thanks for the note. So we need to rebuild it against OpenSSL? >>> >>> >> >>You can give a try to LDAP Tool Box packages which are built against >>OpenSSL: >>* http://ltb-project.org/wiki/documentation/openldap-rpm >>* http://ltb-project.org/wiki/download#openldap >> >>-- >>Clément OUDOT >>Consultant en logiciels libres, Expert infrastructure et sécurité >>Savoir-faire Linux >>87, rue de Turbigo - 75003 PARIS >>Blog: http://sflx.ca/coudot >> -- Matus Honek Associate Software Engineer @ Red Hat, Inc.
