Gémes Géza wrote:
Gavin Henry wrote:
----- "Gémes Géza"<[EMAIL PROTECTED]> wrote:
dn:cn=config
just like expected (ldapsearch and friends are also working on both
sides and cross).
Just to be sure I've exported the LDAPCONF variable in the slapd startup script.
But syncrepl doesn't work!
slapd no longer reads any external LDAP configuration files. The TLS options
must be added to the syncrepl config statement. Read the slapd.conf(5) manpage.
In the logs (olcLogLevel=-1):
slap_client_connect: URI=ldaps://first-or-second-ldap-server
ldap_sasl_interactive_bind_s failed (-6)
connection_read(20): unable to get TLS client DN, error=49 id=23
Are you trying to StartTLS on an SSL (ldaps://) connection? That won't work.
However a simple ldapwhoami or ldapsearch works. The ldaprc used is:
BASE dc=kzsdabas,dc=hu
URI ldaps://first-ldap-server ldaps://second-ldap-server
TLS_CACERT /etc/ssl/certs/ca.crt
TLS_CERT /etc/ldap/syncrepl.crt
TLS_KEY /etc/ldap/syncrepl.key
TLS_REQCERT demand
SASL_MECH external
SASL_AUTHCID cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
Just to be sure now I've tried to change the providers to ldap://...,
but without luck. Now it just reports in the logs:
slap_client_connect: URI=ldaps://first-or-second-ldap-server
ldap_sasl_interactive_bind_s failed (-6)
Thanks for any idea.
Geza
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
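
Added example, not part of the original messages: the TLS settings from the ldaprc quoted above, moved into the syncrepl statement itself as the reply advises, using the keywords documented in slapd.conf(5). The database DN, rid, type and retry values are assumptions; the provider, searchbase and file paths are the ones shown in the thread.

```ldif
# Constructed example for ldapmodify against cn=config.
# Assumptions: the database DN, rid=001, type and retry are placeholders.
#
# Mapping from the client ldaprc to syncrepl keywords:
#   TLS_CACERT   -> tls_cacert
#   TLS_CERT     -> tls_cert
#   TLS_KEY      -> tls_key
#   TLS_REQCERT  -> tls_reqcert
#   SASL_MECH    -> bindmethod=sasl saslmech=EXTERNAL
#
# The provider is ldaps://, so no starttls= keyword is given: TLS is
# already negotiated on connect. With EXTERNAL the bind identity is
# taken from the client certificate named in tls_cert.
#
# In LDIF a line beginning with a space continues the previous line;
# the two-space indent leaves one space between the keywords.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldaps://first-ldap-server
  searchbase="dc=kzsdabas,dc=hu"
  type=refreshAndPersist
  retry="60 +"
  bindmethod=sasl
  saslmech=EXTERNAL
  tls_cacert=/etc/ssl/certs/ca.crt
  tls_cert=/etc/ldap/syncrepl.crt
  tls_key=/etc/ldap/syncrepl.key
  tls_reqcert=demand
```

The key file must be readable by the account slapd runs as, and tls_reqcert=demand keeps the consumer from replicating from a provider whose certificate does not verify against the CA.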