  1. OpenDJ
  2. OPENDJ-3445

When the LDAP port is not accessible, ds-cfg-symmetric-key values are not being replicated correctly

      Description

      The LDAP port of a source server may not be accessible, the reasons being:

      • ds-cfg-reject-unauthenticated-requests is set to true (in config.ldif)
      • only the LDAPS connection handler is enabled (in config.ldif)
      • a firewall blocks access to the LDAP port

      In such cases, ds-cfg-symmetric-key values for secret keys in cn=admin data are not replicated correctly.

      Normally, each replica will add its own value for ds-cfg-symmetric-key, encrypted with its own cert.
      This does not happen when ds-cfg-reject-unauthenticated-requests=true.

      Also, it looks like an unauthenticated LDAP request is made from the replica. See the attached image.
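
A check for the symptom described above, added here as an example (not code from OpenDJ or from the issue reporter): it parses an LDIF export of cn=admin data and lists the secret-key entries that hold fewer ds-cfg-symmetric-key values than there are replicas. The sample LDIF, its DNs and its values are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample: LDIF export of secret-key entries under cn=admin data.
# DNs, key ids and wrapped-key values are made up for illustration.
SAMPLE_LDIF = """\
dn: ds-cfg-key-id=key-A,cn=secret keys,cn=admin data
ds-cfg-symmetric-key: replica1-wrapped-AAAA
ds-cfg-symmetric-key: replica2-wrapped-BBBB
ds-cfg-symmetric-key:: cmVwbGljYTMtd3JhcHBlZC1DQ0ND

dn: ds-cfg-key-id=key-B,cn=secret keys,cn=admin data
ds-cfg-symmetric-key: replica1-wrapped-DDDD
 DDDD-folded-continuation
"""

def unfold(text):
    """Join LDIF continuation lines (leading single space) to the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def symmetric_key_values(ldif_text):
    """Return {dn: set of ds-cfg-symmetric-key values} for every entry."""
    keys, dn = {}, None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        attr, _, rest = line.partition(":")
        is_b64 = rest.startswith(":")  # "attr:: value" means base64-encoded
        value = rest[1:].strip() if is_b64 else rest.strip()
        if is_b64:
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
            keys.setdefault(dn, set())
        elif dn and attr.lower() == "ds-cfg-symmetric-key":
            keys[dn].add(value)
    return keys

def under_replicated(ldif_text, expected_replicas):
    """List (dn, value_count) for entries with fewer values than replicas."""
    found = symmetric_key_values(ldif_text)
    return [(dn, len(v)) for dn, v in found.items() if len(v) < expected_replicas]
```

Running `under_replicated` against an export from each server, with the number of replicas in the topology as `expected_replicas`, shows which secret keys are missing a per-replica value.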

            People

            Assignee:
            matthew Matthew Swift
            Reporter:
            pvarga Peter Varga [X] (Inactive)
            Dev Assignee:
            Matthew Swift Matthew Swift
            QA Assignee:
            carole forel carole forel