Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 752949
Summary: | ldap_bind: Can't contact LDAP server via SSL | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Eugene <e.torkhov> |
Component: | nagios-plugins | Assignee: | Ohad Levy <ohadlevy> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | el6 | CC: | dougsland, dpal, jose.p.oliveira.oss, lemenkov, linux, ondrejj |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nagios-plugins-2.1.4-2.fc25 nagios-plugins-2.1.4-2.fc24 nagios-plugins-2.1.4-2.el6 nagios-plugins-2.1.4-2.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-12-27 21:21:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eugene
2011-11-10 20:21:39 UTC
Eugene, Would you mind testing nagios-plugins 1.4.16 (that has just been pushed for rawhide) and see if the problem still persists? From the nagios-plugins 1.4.16 release notes (http://nagiosplugins.org/nagiosplugins-1.4.16): --------- ... Fixes: ... * Fix check_ldap overriding the port when --ssl was specified after -p ... -------- tia, jpo With 1.4.16 I've got more descriptive message: ldap_bind: Can't contact LDAP server (-1) additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user. Could not bind to the LDAP server Really, Thawte introduce intermediate certificates, so now we have certificates chain for this server. But any certificate in chain must be trusted. openssl shows: depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server verify return:1 depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA verify return:1 depth=1 C = US, O = "Thawte, Inc.", CN = Thawte SSL CA verify return:1 depth=0 ...our company certificate... verify return:1 --- Certificate chain 0 s:<...our company certificate...> i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server 3 s:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server --- Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=...our company certificate... issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA --- Acceptable client certificate CA names /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=US/O=Thawte, Inc./CN=Thawte SSL CA --- SSL handshake has read 4686 bytes and written 451 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 0956B35F076A8B2973EBA918F4D84537ADC446BDF6C3E75A381EE1B11B9B1C8E Session-ID-ctx: Master-Key: BC465280405936A93F1E1983BFAE851118D2B95650A96882E280862E2DA05E125456F178B11973B2B31601056328B5C2 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1342070086 Timeout : 300 (sec) Verify return code: 0 (ok) --- nagios-plugins-2.1.4-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ada3d2a1f nagios-plugins-2.1.4-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dc9e470823 nagios-plugins-2.1.4-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67 nagios-plugins-2.1.4-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698 nagios-plugins-2.1.4-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b nagios-plugins-2.1.4-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b nagios-plugins-2.1.4-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ada3d2a1f nagios-plugins-2.1.4-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67 nagios-plugins-2.1.4-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dc9e470823 nagios-plugins-2.1.4-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698 nagios-plugins-2.1.4-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. nagios-plugins-2.1.4-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. nagios-plugins-2.1.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. nagios-plugins-2.1.4-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. |