Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl #2619

Closed
389-ds-bot opened this issue Sep 13, 2020 · 8 comments
Closed

nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl #2619

389-ds-bot opened this issue Sep 13, 2020 · 8 comments
Labels
closed: fixed Migration flag - Issue
Milestone
1.3.7.0

Comments

@389-ds-bot
Copy link

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49560

Issue Description

Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL), the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE, need to specify path to PEM files.

Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx

Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'.

The default value is 'off', that prevent secure outgoing connection.

Package Version and Platform

1.3.7

Steps to reproduce

see related BZ

Actual results

Expected results
@389-ds-bot 389-ds-bot added the closed: fixed Migration flag - Issue label Sep 13, 2020
@389-ds-bot 389-ds-bot added this to the 1.3.7.0 milestone Sep 13, 2020
@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2018-02-06 19:37:05

Metadata Update from @tbordaz:

  • Custom field component adjusted to None
  • Custom field origin adjusted to None
  • Custom field reviewstatus adjusted to None
  • Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1542645
  • Custom field type adjusted to None
  • Custom field version adjusted to None

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2018-02-06 19:37:20

Metadata Update from @tbordaz:

  • Issue set to the milestone: 1.3.7.0

@389-ds-bot
Copy link
Author

Comment from tbordaz (@tbordaz) at 2018-02-06 19:53:02

0001-Ticket-49560-nsslapd-extract-pemfiles-should-be-enab.patch

@389-ds-bot
Copy link
Author

Comment from mhonek (@kenoh) at 2018-02-06 21:39:44

Patch looks good to me. ACK+

@389-ds-bot
Copy link
Author

Comment from mhonek (@kenoh) at 2018-02-06 21:53:43

Metadata Update from @kenoh:

  • Custom field reviewstatus adjusted to ack (was: None)

@389-ds-bot
Copy link
Author

Comment from mreynolds (@mreynolds389) at 2018-02-07 00:38:58

ca8f1fd..8304cae master -> master

806de71..b68d3cb 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

@389-ds-bot
Copy link
Author

Comment from spichugi (@droideck) at 2018-03-07 09:40:42

commit 73638d6
Author: Simon Pichugin droideck@redhat.com
Date: Tue Feb 20 19:49:35 2018 +0100

@389-ds-bot
Copy link
Author

Comment from mhonek (@kenoh) at 2019-02-19 16:09:26

Metadata Update from @kenoh:

  • Issue close_status updated to: fixed
  • Issue status updated to: Closed (was: Open)

@389-ds-bot 389-ds-bot mentioned this issue Sep 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: fixed Migration flag - Issue
Projects
None yet
Milestone
1.3.7.0
Development

No branches or pull requests
1 participant
@389-ds-bot