[389-users] starttls does not work with chaining backend


 



Hi,

 

I am trying to set up a chaining backend and I encountered some problems.

I set up the nsBackendInstance object with all attributes, but it would seem that "nsusestarttls" does not have any effect. Here is what happens:

 

If I use ldaps over port 636, everything is fine:

nsusestarttls: off
nsfarmserverurl: ldaps://xxx:636

But when I change the values to those below, it stops:

nsusestarttls: on
nsfarmserverurl: ldap://xxx:389

Logs on the master server suggest that the slave does not use startTLS when connecting.

 

On slave server I can see this:

[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1

On master:

[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0

 

We would prefer to use startTLS on port 389. Does anybody know if this is possible or if anything else is required to make it work?

 

--

Jacek Nykis

IS Unix Frontend Engineer

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
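
Added example, not part of the original post or of the 389 project's code: a Python check over the access-log lines quoted in the message that records, for each simple BIND (method=128), whether an "SSL" line had already appeared on that connection and which result code came back. The function names are hypothetical and the log strings are constructed from the lines in the post; err=13 is the LDAP result code confidentialityRequired.

```python
import re

# Constructed input: the access-log lines quoted in the post, one string per server.
SLAVE_LOG = """\
[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1
"""
MASTER_LOG = """\
[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$")

def audit_simple_binds(log_text):
    """Return one record per simple BIND: was TLS up on that connection, and the result code."""
    tls_up = set()   # connections that logged an "SSL <cipher>" line
    pending = {}     # (conn, op) -> record still waiting for its RESULT line
    records = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not access-log records
        conn, op, body = m.groups()
        if op is None and body.startswith("SSL "):
            tls_up.add(conn)  # TLS handshake finished (ldaps or startTLS)
        elif op is not None and body.startswith("BIND ") and "method=128" in body:
            rec = {"conn": conn, "op": op, "tls": conn in tls_up, "err": None}
            pending[(conn, op)] = rec
            records.append(rec)
        elif op is not None and body.startswith("RESULT ") and (conn, op) in pending:
            err = re.search(r"\berr=(\d+)", body)
            pending.pop((conn, op))["err"] = int(err.group(1)) if err else None
    return records

def cleartext_binds(log_text):
    """Simple BINDs that arrived before any TLS was negotiated on the connection."""
    return [r for r in audit_simple_binds(log_text) if not r["tls"]]

if __name__ == "__main__":
    for name, log in (("slave", SLAVE_LOG), ("master", MASTER_LOG)):
        for r in audit_simple_binds(log):
            print(name, r)
```

On the quoted lines, the slave-side bind is recorded with TLS up and the master-side bind on conn=34 with no TLS, both ending in err=13.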
