On Wed, Aug 09, 2017 at 07:47:06PM +0200, r0m5 wrote:
Yes so far "TLS_REQCERT allow" on the PHP applications' OS because the
OpenLDAP consumers' certs are still self-signed.
Indeed I saw #8385 linked in ITS#8427. From my understanding #8385 deals
with certificate validation using libldap.
On 2017-08-09 14:13, Michael Ströder wrote:
> r0m5 wrote:
>
>> So I set up a PKI and now it looks OK regarding syncrepl. So I guess my
>> problem might be related to ITS#8427, which I didn't see before posting here.
>>
>> I still have issues though, with applications randomly failing
On Wed, Aug 09, 2017 at 10:31:03AM +0200, r0m5 wrote:
I still have issues though, with applications randomly failing STARTTLS
to my consumers :-(
Are you still using the TLS_REQCERT option? If you are, you could be
seeing ITS#8385.
r0m5 wrote:
> On 2017-08-09 14:13, Michael Ströder wrote:
>> Many problems like this are caused by not getting the PKI to issue correct
>> public-key certs. Especially you should put all DNS names an LDAP client
>> might use to connect to your LDAP server in subjectAltName extension.
>>
>>
r0m5 wrote:
> So I set up a PKI and now it looks OK regarding syncrepl. So I guess my
> problem might be related to ITS#8427, which I didn't see before posting here.
>
> I still have issues though, with applications randomly failing STARTTLS to my
> consumers
Many problems like this are
On 2017-06-02 17:46, r0m5 wrote:
> On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
> --On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote:
>
> Hello,
>
> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
> problem happening only sometimes, and
On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
> --On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote:
>
>> Hello,
>>
>> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
>> problem happening only sometimes, and disappearing "by itself". I use Debian
--On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote:
Hello,
I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
problem happening only sometimes, and disappearing "by itself". I use
Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2.
2.4.40 is 2.5 years old, 5