starttls does not work with chaining backend

Hi,

I am trying to set up a chaining backend and I encountered some problems.
I set up the nsBackendInstance object with all attributes but it would seem that "nsusestarttls" does not have any effect. Here is what happens:

If I use ldaps over port 636 everything is fine:
nsusestarttls: off
nsfarmserverurl: ldaps://xxx:636

But when I change values to below it stops:
nsusestarttls: on
nsfarmserverurl: ldap://xxx:389

Logs on master server suggest that slave does not use startTLS when connecting.

On slave server I can see this:
[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1

On master:
[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0

We would prefer to use startTLS on port 389. Does anybody know if this is possible or if anything else is required to make it work?

--
Jacek Nykis
IS Unix Frontend Engineer
