On Jun 26, 2008, at 2:08 PM, Norbert Sendetzky wrote:

> Please try "ldapsearch -ZZ ..." as "-Z" only tries to connect using TLS but
> falls back to normal connections if TLS fails.

-ZZ is also successful.

> It would also be interesting to see your LDAP-related pdns.conf settings.

The only two things I have are:
launch=ldap
ldap-basedn=ou=hosts,dc=foobar,dc=com

I tried setting the host explicitly to IP address, URI, etc. Didn't help.


> Does "netstat -lp" show open connections from your box to the LDAP server?

Yes. Please see below. (Both pdns and slapd are on the same machine.)

# netstat -lp tcp
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  localhost.ldap         localhost.53006        ESTABLISHED
tcp4       0      0  localhost.53006        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.53625        ESTABLISHED
tcp4       0      0  localhost.53625        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.64231        ESTABLISHED
tcp4       0      0  localhost.64231        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.63398        ESTABLISHED
tcp4       0      0  localhost.63398        localhost.ldap         ESTABLISHED


Btw, there is another behavior I don't understand, but it might help with debugging this issue. During my successful non-TLS mode operation, I noticed that all my successful dig responses still had the ";; WARNING: recursion requested but not available" message. I noticed in pdns' logs that it was sending that warning to the client every time a successful lookup happened. Maybe this is completely unrelated.

Please let me know if there is anything else you would like me to check.

thanks
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users