Project

General

Profile

Bug #15601

LDAP integration over SSL

Added by Erin Clark over 4 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Blocks Until Resolved
Assignee:
Vaibhav Chauhan
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

This was broken with my LDAP password fixes in 9.10 that were also backported to 9.3, this needs to be tested and and backported

when i try to make an LDAP connection over SSL, i'm having an error which says "Can't contact LDAP server." . When i checked /var/log/debug.log, i'm seeing that SSL option was set to "off" like ;

[common.freenasldap:184] FreeNAS_LDAP_Directory.__init__: host = ldap.domain.com, port = 636, binddn =, =basedn = , ssl = off

No matter which encryption type i choose(TLS/SSL), it is always set to "off", i don't know if it's a bug or not. Then i tried to make a query from cli after i added the information to "/usr/local/etc/openldap/ldap.conf" and still no luck. The error i got when i use ldapsearch;

TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small.

Related issues

Copied from FreeNAS - Bug #15533: LDAP integration over SSLResolved2016-05-24

Associated revisions

Revision 47331b9b (diff)
Added by Erin Clark over 4 years ago

Combine ldap clean methods to fix SSL connection password checking Ticket: #15533 Ticket: #15601 (cherry picked from commit c30e7721c73df843172cc1de7b1f6421346aa082)

Revision a19f095b (diff)
Added by Erin Clark over 4 years ago

Previous commit needs LDAPError in directory services form to work Ticket: #15601

Revision d784d534 (diff)
Added by Erin Clark over 4 years ago

Previous commit needs LDAPError in directory services form to work Ticket: #15601 (cherry picked from commit a19f095be67ed88d0f8fc2505f6a436e03c4759b)

Revision ec3b539c (diff)
Added by Erin Clark over 4 years ago

Fix backport of LDAP with SSL form fix for FreeNAS 9.3 Ticket: #15601 Ticket: #15754

Revision 189a3f9f (diff)
Added by Erin Clark over 4 years ago

Fix backport of LDAP with SSL form fix for FreeNAS 9.3 Ticket: #15601 Ticket: #15754 (cherry picked from commit ec3b539c8a185c66b5b6395e9f3471eeb60ee7aa)

History

#1 Updated by Erin Clark over 4 years ago

  • Copied from Bug #15533: LDAP integration over SSL added

#3 Updated by Erin Clark over 4 years ago

  • Status changed from Unscreened to Needs Developer Review

#4 Updated by Erin Clark over 4 years ago

  • Status changed from Needs Developer Review to 19
  • Priority changed from Blocks Until Resolved to Important

There are some complications with this fix since some things changed between 9.10 and 9.3 so I will test this before the next maintenance SU

#5 Updated by Erin Clark over 4 years ago

  • Priority changed from Important to Blocks Until Resolved

There are some complications with this fix since some things changed between 9.10 and 9.3 so I will test this before the next maintenance SU

#7 Updated by Erin Clark over 4 years ago

  • Status changed from 19 to Ready For Release

#8 Updated by Erin Clark over 4 years ago

  • Status changed from Ready For Release to 19

#9 Updated by Erin Clark over 4 years ago

  • Status changed from 19 to Needs Developer Review

#10 Updated by Vaibhav Chauhan about 4 years ago

is this reviewed ?

#11 Updated by Vaibhav Chauhan about 4 years ago

  • Assignee changed from Erin Clark to Suraj Ravichandran

Suraj can you please review the changes ?

#12 Updated by Suraj Ravichandran about 4 years ago

  • Status changed from Needs Developer Review to Reviewed
  • Assignee changed from Suraj Ravichandran to Vaibhav Chauhan

#13 Updated by Vaibhav Chauhan about 4 years ago

  • Status changed from Reviewed to Ready For Release

this change have been merged in 9.3-STABLE

#14 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

  • Target version changed from Maintainance SU to 9.10.1-U1

#15 Updated by Vaibhav Chauhan about 4 years ago

  • Target version changed from 9.10.1-U1 to Maintainance SU

#16 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Target version changed from Maintainance SU to N/A

#17 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Ready For Release to Resolved

Also available in: Atom PDF