The issue seems to be not fixed for i386 architecture. For the other it works.
openldap-2.4.46-2.fc28.i686
/etc/openldap/slapd.conf >>>
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database config
rootdn cn=Manager,cn=config
This update has been submitted for testing by mhonek.
This update has been pushed to testing.
works
works for me
The issue seems to be not fixed for i386 architecture. For the other it works.
openldap-2.4.46-2.fc28.i686
password is 'x'
rootpw x
database bdb suffix dc=my-domain,dc=com rootdn "cn=Manager,dc=my-domain,dc=com"
password is 'x'
rootpw {SSHA}tOSmeQCcYIm1S9ujgpg2Km5rpUnR9dRB
directory /var/lib/ldap/ TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA TLSCertificateFile /etc/openldap/cacerts/server.crt TLSCertificateKeyFile /etc/openldap/cacerts/server.key TLSCACertificateFile /etc/openldap/cacerts/ca.crt TLSVerifyClient allow TLSProtocolMin 3.0 <<<<<<
openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt -ssl3
3080775424:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40 CONNECTED(00000003)
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 66 bytes Verification: OK
New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1534768521 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no
Ok, take it back, all works, the system was not upgraded when I tested.
ldapsearch still works
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.