When 389ds cannot configure secure replication, the following message is logged:
[30/Mar/2016:20:39:18 +0000] setup_ol_tls_conn - failed: unable to create new TLS context
[30/Mar/2016:20:39:18 +0000] slapi_ldap_bind - Error: could not configure the server for cert auth - error -1 - make sure the server is correctly configured for SSL/TLS
The error code returned by ldap_set_option() is discarded, and the error message gives no indication as to what the cause of the error was.
Fix is attached.
Fix is as follows:
{{{ diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c index 9281e20..e62d1f2 100644 --- a/ldap/servers/slapd/ldaputil.c +++ b/ldap/servers/slapd/ldaputil.c @@ -608,7 +608,7 @@ setup_ol_tls_conn(LDAP ld, int clientauth) that optval is ignored - what matters is that it is not NULL / if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { slapi_log_error(SLAPI_LOG_FATAL, "setup_ol_tls_conn", - "failed: unable to create new TLS context\n"); + "failed: unable to create new TLS context - %d\n", rc); }
return rc;
}}}
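Review bot: The bare "- %d" appended in the slapi_log_error call does not say what the number is. Label it, for example "error %d", so it matches the "error -1" wording of the slapi_ldap_bind message in the log excerpt above. The value comes straight from ldap_set_option(), and that excerpt already shows -1 being reported further up the call chain, so the number alone may still not identify the cause. If a textual reason is available from the LDAP or TLS library at this point, logging it beside rc would make the message actionable without a source lookup.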
Thanks for providing the patch, minfrin. Could it be possible to make a git patch file from your source tree? That way, we could just push it with your signature.
Include the underlying error code to the message "failed: unable to create new TLS context" 0001-Include-the-underlying-error-code-to-the-message-fai.patch
Just added it, thanks for confirming.
Thank you for providing the patch, Graham! Reviewed by nhosoi@redhat.com.
Pushed the patch to master.
46dbd62..696e29b master -> master
commit 696e29b
Author: Graham Leggett minfrin@sharp.fm
Date: Wed Mar 30 23:20:51 2016 +0200
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.5.2
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1841
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)