postfix-users

Re: trouble with ldaps in ldap lookup map Quanah Gibson-Mount Fri Jun 26 13:00:34 2009

--On Friday, June 26, 2009 2:37 PM -0400 Victor Duchovni <[EMAIL PROTECTED]> wrote:

openldap appears to be using gnutls:

> ldd /usr/sbin/slapd | egrep -i '(tls|ssl)'
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)

Not sure it is a good idea to mix both in the same address space...
I've only ever tested with LDAP over OpenSSL, not LDAP over GNUTLS.

I don't see any code path in OpenLDAP 2.4.11 that wants a live server
connection for setting the per-connection TLS context. This call should
not be failing.

Mixing them is a very bad idea. Also, there have been numerous fixes to the GnuTLS support in OpenLDAP since 2.4.11. 2.4.16 should be used instead. I'd also advise using OpenSSL instead of GnuTLS with your OpenLDAP build. GnuTLS has too many issues in and of itself, and loading both into the same process space is not going to go well.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration