Re: trouble with ldaps in ldap lookup map
Fri Jun 26 13:00:34 2009
--On Friday, June 26, 2009 2:37 PM -0400 Victor Duchovni
<[EMAIL PROTECTED]> wrote:
openldap appears to be using gnutls:
> ldd /usr/sbin/slapd | egrep -i '(tls|ssl)'
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)
Not sure it is a good idea to mix both in the same address space...
I've only ever tested with LDAP over OpenSSL, not LDAP over GNUTLS.
I don't see any code path in OpenLDAP 2.4.11 that wants a live server
connection for setting the per-connection TLS context. This call should
not be failing.
Mixing them is a very bad idea. Also, there have been numerous fixes to
the GnuTLS support in OpenLDAP since 2.4.11. 2.4.16 should be used
instead. I'd also advise using OpenSSL instead of GnuTLS with your
OpenLDAP build. GnuTLS has too many issues in and of itself, and loading
both into the same process space is not going to go well.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
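
Added example, not part of the original message: a check for whether one program's dependency closure names both TLS libraries, building on the `ldd` command quoted in the thread. The function names are hypothetical, and the sample `ldd` output is constructed (only the libgnutls line is taken from the thread).

```shell
#!/bin/sh
# Classify the TLS libraries named in `ldd` output read from stdin.
# Prints one word: openssl, gnutls, mixed, or none.
# Only libssl is counted as OpenSSL here (assumption of this example).
tls_stacks() {
    awk '
        /libssl\.so/    { openssl = 1 }
        /libgnutls\.so/ { gnutls = 1 }
        END {
            if (openssl && gnutls) print "mixed"
            else if (openssl)      print "openssl"
            else if (gnutls)       print "gnutls"
            else                   print "none"
        }'
}

# Check a real binary. ldd resolves transitive dependencies, so a program
# linked to OpenSSL that also loads a GnuTLS-built libldap reports "mixed".
check_binary() {
    ldd "$1" 2>/dev/null | tls_stacks
}

# Constructed sample: an OpenSSL-linked LDAP client whose libldap uses GnuTLS.
sample_mixed() {
    cat <<'EOF'
    libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0xb7e10000)
    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7dc0000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7c70000)
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)
EOF
}

# Constructed sample: a binary that links GnuTLS only, as slapd does above.
sample_gnutls_only() {
    cat <<'EOF'
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)
    libc.so.6 => /lib/libc.so.6 (0xb7b00000)
EOF
}

# Demo on the constructed mixed sample.
sample_mixed | tls_stacks
```

Run `check_binary` against the LDAP client program itself, not only `slapd`, since the concern in the thread is both libraries ending up in the same process.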