Re: problem with syncrepl and STARTTLS

2017-08-09 Thread Ryan Tandy
On Wed, Aug 09, 2017 at 07:47:06PM +0200, r0m5 wrote: Yes so far "TLS_REQCERT allow" on the PHP applications' OS because the OpenLDAP consumers certs are still self-signed. Indeed I saw #8385 linked in ITS#8427. From my understanding #8385 deals with certificate validation using libldap.

Re: problem with syncrepl and STARTTLS

2017-08-09 Thread r0m5
On 2017-08-09 14:13, Michael Ströder wrote: > r0m5 wrote: > >> So I set up a PKI and now it looks OK regarding syncrepl. So I guess my >> problem might >> be related to ITS#8427, which I didn't see before posting here. >> >> I still have issues though, with applications randomly failing

Re: problem with syncrepl and STARTTLS

2017-08-09 Thread Ryan Tandy
On Wed, Aug 09, 2017 at 10:31:03AM +0200, r0m5 wrote: I still have issues though, with applications randomly failing STARTTLS to my consumers :-( Are you still using the TLS_REQCERT option? If you are, you could be seeing ITS#8385.

Re: problem with syncrepl and STARTTLS

2017-08-09 Thread Michael Ströder
r0m5 wrote: > On 2017-08-09 14:13, Michael Ströder wrote: >> Many problems like this are caused by not getting the PKI to issue correct >> public-key certs. Especially you should put all DNS names an LDAP client >> might use to >> connect to your LDAP server in subjectAltName extension. >> >>

Re: problem with syncrepl and STARTTLS

2017-08-09 Thread Michael Ströder
r0m5 wrote: > So I set up a PKI and now it looks OK regarding syncrepl. So I guess my > problem might > be related to ITS#8427, which I didn't see before posting here. > > I still have issues though, with applications randomly failing STARTTLS to my > consumers Many problems like this are

Re: problem with syncrepl and STARTTLS

2017-08-09 Thread r0m5
On 2017-06-02 17:46, r0m5 wrote: > On 2017-06-02 16:55, Quanah Gibson-Mount wrote: > --On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote: > > Hello, > > I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of > problem happening only sometimes, and

Re: problem with syncrepl and STARTTLS

2017-06-05 Thread r0m5
On 2017-06-02 16:55, Quanah Gibson-Mount wrote: > --On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote: > >> Hello, >> >> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of >> problem happening only sometimes, and disappearing "by itself". I use >> Debian

Re: problem with syncrepl and STARTTLS

2017-06-02 Thread Quanah Gibson-Mount
--On Friday, June 02, 2017 11:01 AM +0200 r0m5 wrote: Hello, I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of problem happening only sometimes, and disappearing "by itself". I use Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2. 2.4.40 is 2.5 years old, 5