--On Monday, November 2, 2020 9:32 PM +0000 "Heinemann, Peter G"
<[email protected]> wrote:
> Good Day,
>
> Working on moving from RHEL6 to RHEL8. Given the drop in support for
> openldap in RHEL8 I've installed the symas-openldap distros.

Hi Peter,

You haven't provided any configuration information, so that makes it
difficult to assist. I would note that TLS works just fine for me with
RHEL8 and the 2.4.55 packages.

First, with startTLS:

ldapsearch -LLL -ZZ -x -H ldap://127.0.0.1
No such object (32)

Second, with 636:

ldapsearch -LLL -x -H ldaps://127.0.0.1:636
No such object (32)

openssl version
OpenSSL 1.1.1c FIPS 28 May 2019

nmap --script ssl-enum-ciphers -p 636 localhost -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2020-11-02 23:51 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for localhost (not scanned): ::1

PORT    STATE SERVICE
636/tcp open  ldapssl
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 4096) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp256r1) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.78 seconds

Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>