conflicts between slapd and nsswitch (SSL not working)
Oliver Eikemeier
eikemeier at fillmore-labs.com
Tue Apr 27 13:20:08 UTC 2004
Francesco Gringoli wrote:
> Packages: openldap2(0,1)-server, nss-ldap
>
> Hi all,
>
> If slapd is configured to run as a user different than root (default
> config) and nsswitch is configured to search first in files and then in
> ldap and the ldap server specified for nsswitch is different than this,
> when slapd starts its SSL engine seems down:
> although slapd binds on port 636, traffic on this
> port is not SSL (try with openssl s_client and see
> that no certificate is returned during the handshake,
> really there is no handshake at all).
> Note: slapd starts normally as the user specified in slapd.conf,
> it is possible to do search inside the ldap db,
> nss-ldap is ok and userid and gid are those defined in the ldap db,
> BUT
> the SSL engine is off.
>
> Note: if the ldap server specified for nsswitch is the same a time-out
> occurs, since the slapd calls getpwnam and the ldap module
> cannot obtain anything. In this case the SSL engine is OK.
What do you mean by `different' and `same' specified server?
Also, some more information would be useful, like
uname -a
pkg_info
ldd /usr/local/libexec/slapd
ps auxwww | grep slapd
cat /usr/local/etc/openldap/slapd.conf
cat /usr/local/etc/nss_ldap.conf
-Oliver