directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRSTUDIO-1173) StartTLS fails when required by LDAP service
Date Thu, 01 Mar 2018 09:03:00 GMT


Emmanuel Lecharny commented on DIRSTUDIO-1173:

There is no reason for the {{ManageDSAIT}} control to be used. Can you check your connection
properties (Browser Options tab) if the 'controls' part has 'Use ManageDSAIT control while
browsing' selected ?

That being said, the {{ManageDSAIT}} control should not have any impact on the {{StartTLS}}
operation, however, it's always good to eliminate side effects.

> StartTLS fails when required by LDAP service
> --------------------------------------------
>                 Key: DIRSTUDIO-1173
>                 URL:
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M13
>         Environment: Windows 10 Pro 64bit
>            Reporter: Anthony Winstanley
>            Priority: Major
> We have 389-ds sitting behind an f5 load balancer. The load balancer requires connections
on port 389 to use StartTLS. It makes connections to the 389-ds servers on port 389 using
> If I connect directly to port 389 on a 389-ds server with "Use StartTLS extension", the
connection is fine. If I change the hostname of this connection to the load-balanced hostname,
I get:
> "The connection failed - [LDAP: error code 48 - STARTTLS required]"
> However, ldapsearch successfully makes STARTTLS connections through the load balancer
> ldapsearch -x -H ldap:// -ZZ
> My guess is that ADS is not activating StartTLS soon enough when connecting to port 389...
which is fine if the connection doesn't require the use of StartTLS, but unworkable when it
> Of course, I'm hoping this is an easy fix...

This message was sent by Atlassian JIRA

View raw message