FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 01-31-2011, 08:14 PM
Michael Cronenworth
 
Default httpd cannot connect via TLS to LDAP server after upgrade to fedora 14

Ldap Tester wrote:
> I don't know if this is a problem with httpd's mod_authnz_ldap
> or its mod_ldap or with openldap, or just a configuration mistake
> on my part, but it used to work before the upgrade.
> I have searched all over for an answer to this problem
> because I can't believe that I am the only one having it,
> but I have found nothing.
> I welcome any ideas.

Fedora 14 had an undocumented feature where OpenLDAP switched from using
OpenSSL to NSS. NSS isn't a mature or bugfree library and each time core
utilities are switched to it (curl for example) NSS bugs spout their
ugly heads. I'm not sure where the drive to use NSS-for-everything comes
from, but that is for a separate thread.

As for your issue, with this change, defaults changed.

If any Red Hat NSS guy is listening, it would be nice to have your
future work documented as a Fedora feature. Not only would you get
recognition but there could be testing and documentation to go along
with your new feature.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-02-2011, 02:16 AM
James McKenzie
 
Default httpd cannot connect via TLS to LDAP server after upgrade to fedora 14

On 1/31/11 2:14 PM, Michael Cronenworth wrote:
> Ldap Tester wrote:
>> I don't know if this is a problem with httpd's mod_authnz_ldap
>> or its mod_ldap or with openldap, or just a configuration mistake
>> on my part, but it used to work before the upgrade.
>> I have searched all over for an answer to this problem
>> because I can't believe that I am the only one having it,
>> but I have found nothing.
>> I welcome any ideas.
> Fedora 14 had an undocumented feature where OpenLDAP switched from using
> OpenSSL to NSS. NSS isn't a mature or bugfree library and each time core
> utilities are switched to it (curl for example) NSS bugs spout their
> ugly heads. I'm not sure where the drive to use NSS-for-everything comes
> from, but that is for a separate thread.
>
I'll chime on this: OpenSSL is not FIPS-140 compliant and thus is being
removed from the list of approved Federal Security Software products in
the United States. NSS is on the list and thus can be used.

James McKenzie

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 08:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org