From: Francesco Gringoli
To: freebsd-bugs@freebsd.org
Date: Tue, 27 Apr 2004 11:34:46 +0200
Subject: conflicts between slapd and nsswitch (SSL not working)
Message-Id: <1F4FEB7C-982E-11D8-B46A-000A95CD8008@ing.unibs.it>

Packages: openldap2(0,1)-server, nss-ldap

Hi all,

If slapd is configured to run as a user different than root (default config) and nsswitch is configured to search first in files and then in ldap and the ldap server specified for nsswitch is different than this, when slapd starts its SSL engine seems down: although slapd binds on port 636, traffic on this port is not SSL (try with openssl s_client and see that no certificate is returned during the handshake, really there is no handshake at all).

Note: slapd starts normally as the user specified in slapd.conf, it is possible to do search inside the ldap db, nss-ldap is ok and userid and gid are those defined in the ldap db, BUT the SSL engine is off.

Note: if the ldap server specified for nsswitch is the same, a time-out occurs, since the slapd calls getpwnam and the ldap module cannot obtain anything. In this case the SSL engine is OK.

Regards,
FG
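An added example, not part of the original message: a scripted version of the `openssl s_client` check the report suggests, for confirming that a port such as 636 actually completes a TLS handshake rather than merely accepting TCP connections. The names `probe_tls` and `start_plain_listener` are hypothetical, and the listener is a constructed stand-in for a daemon that binds the port without speaking TLS.

```python
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0):
    """Try a TLS handshake and return (status, detail).

    status: "tls" (handshake completed), "not-tls" (peer accepted TCP but did
    not complete a handshake), "unreachable" (TCP connect failed).
    """
    ctx = ssl.create_default_context()
    # The question here is only "does this port speak TLS at all?", so
    # certificate trust and hostname checks are deliberately switched off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", type(exc).__name__)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return ("tls", f"{tls.version()}, {len(der)}-byte certificate")
    except (ssl.SSLError, OSError) as exc:
        return ("not-tls", type(exc).__name__)
    finally:
        raw.close()


def start_plain_listener():
    """Constructed stand-in for a listener that binds but never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)                   # swallow the ClientHello
        conn.sendall(b"plaintext reply")  # answer with non-TLS bytes
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_plain_listener()))
```

Run as a post-start check, a "not-tls" result on the LDAPS port catches the case where the daemon is up and answering queries while clients that expect encryption get none.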