works

works for me

The issue seems to be not fixed for i386 architecture. For the other it works.

openldap-2.4.46-2.fc28.i686

/etc/openldap/slapd.conf >>> include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database config rootdn cn=Manager,cn=config

password is 'x'

rootpw x

database bdb suffix dc=my-domain,dc=com rootdn "cn=Manager,dc=my-domain,dc=com"

password is 'x'

rootpw {SSHA}tOSmeQCcYIm1S9ujgpg2Km5rpUnR9dRB

directory /var/lib/ldap/ TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA TLSCertificateFile /etc/openldap/cacerts/server.crt TLSCertificateKeyFile /etc/openldap/cacerts/server.key TLSCACertificateFile /etc/openldap/cacerts/ca.crt TLSVerifyClient allow TLSProtocolMin 3.0 <<<<<<

openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt -ssl3

3080775424:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40 CONNECTED(00000003)

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 66 bytes Verification: OK

New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1534768521 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no

Ok, take it back, all works, the system was not upgraded when I tested.

ldapsearch still works