Jacek Nykis wrote:
> Hi,
>
> I am trying to setup chaining backend and I encountered some problems.
> I setup nsBackendInstance object with all attributes but it would seem
> that "nsusestarttls" does not have any effect. Here is what happens:
>
> If I use ldaps over port 636 everything is fine:
> nsusestarttls: off
> nsfarmserverurl: ldaps://xxx:636
>
> But when I change values to below it stops:
> nsusestarttls: on
> nsfarmserverurl: ldap://xxx:389
>
> Logs on master server suggest that slave does not use startTLS when
> connecting.
>
> On slave server I can see this:
> [02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
> [02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> [02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
> [02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
> [02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
> [02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1
>
> On master:
> [02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
> [02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
> [02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0
>
> We would prefer to use startTLS on port 389, does anybody know if this
> is possible or if anything else is required to make it work?

What platform? What version of 389-ds-base?

> --
> Jacek Nykis
> IS Unix Frontend Engineer

--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
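
The comparison made by eye in the message above, as an added example (not part of the thread or of 389 Directory Server): a Python script that reads access-log lines and reports, per connection, whether the first simple bind (`method=128`) arrived before or after TLS was negotiated. The sample lines are the ones quoted above with wrapped lines re-joined; treating a line that starts with `TLS` as a cipher line is an assumption, since the thread only shows the `SSL 256-bit AES` form.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # startTLS extended operation
LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$")

def audit_binds(lines):
    """Map conn id -> how its first simple BIND (method=128) was protected."""
    conns = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        c = conns.setdefault(conn, {"starttls": False, "tls": False,
                                    "bind": None, "bind_op": None, "err": None})
        if rest.startswith("EXT") and STARTTLS_OID in rest:
            c["starttls"] = True              # client requested startTLS
        elif rest.startswith(("SSL ", "TLS")):
            c["tls"] = True                   # cipher line (TLS form assumed)
        elif rest.startswith("BIND") and "method=128" in rest and c["bind"] is None:
            c["bind"] = "encrypted" if c["tls"] else "cleartext"
            c["bind_op"] = op
        elif rest.startswith("RESULT") and "tag=97" in rest and op == c["bind_op"]:
            c["err"] = int(re.search(r"err=(\d+)", rest).group(1))
    return {k: v for k, v in conns.items() if v["bind"]}

# Access-log lines as quoted in the message above (wrapped lines re-joined).
SLAVE = [
    '[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>',
    '[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"',
    '[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0',
    '[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES',
    '[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3',
    '[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0',
    '[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1',
]
MASTER = [
    '[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>',
    '[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3',
    '[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0',
]

if __name__ == "__main__":
    for name, log in (("slave", SLAVE), ("master", MASTER)):
        for conn, c in audit_binds(log).items():
            print(name, f"conn={conn}", c["bind"], f"starttls={c['starttls']}", f"err={c['err']}")
```

LDAP result code 13 is `confidentialityRequired`; on the master the bind that receives it is the first operation on the connection, with no startTLS request before it.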