The replication worked with 2.4.44-r1 anyway. In the main section I have these entries:
security tls=1
TLSProtocolMin 3.3
TLSCipherSuite HIGH:MEDIUM:!SSLv2:!SSLv3
TLSCertificateFile /etc/ssl/openldap/dannatu.ch.pem
TLSCertificateKeyFile /etc/ssl/openldap/dannatu.ch.key
TLSCACertificateFile /etc/ssl/certs/dannatuCA-cacert.pem

Have also added these entries to syncrepl now, but without any success:

tls_cert=/etc/ssl/openldap/dannatu.ch.pem
tls_key=/etc/ssl/openldap/dannatu.ch.key
tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem

Still works with 2.4.44-r1, but not with 2.4.45.

Juergen

-----Original Message-----
From: Quanah Gibson-Mount [mailto:[email protected]]
Sent: Thursday, June 22, 2017 5:12 PM
To: Sprenger Jürgen, INI-ON-CIS-SDI-HES <[email protected]>; [email protected]
Subject: Re: syncrepl fails after upgrade to openldap 2.4.45

--On Thursday, June 22, 2017 10:25 AM +0000 [email protected] wrote:

> syncrepl rid=000
>   provider=ldaps://ldap.dannatu.ch:636
>   type=refreshAndPersist
>   retry="5 5 300 +"
>   searchbase="dc=dannatu,dc=ch"
>   attrs="*,+"
>   scope=sub
>   bindmethod=simple
>   binddn="cn=Manager,dc=dannatu,dc=ch"
>   credentials=**************

I don't see anything here configuring for syncrepl to find the CA for your server cert. I.e., something like

tls_cacertdir=<path>

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
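
The check raised in the reply above (does the syncrepl stanza itself name a CA for the provider certificate) can be automated. This is an added example, not part of the thread and not OpenLDAP code; the function names and the sample text are constructed for illustration, and the parser assumes slapd.conf-style continuation lines.

```python
import shlex

# Constructed sample modelled on the stanza quoted in the thread;
# the credentials value is a placeholder.
SAMPLE = """\
database mdb
syncrepl rid=000
  provider=ldaps://ldap.dannatu.ch:636
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=dannatu,dc=ch"
  bindmethod=simple
  binddn="cn=Manager,dc=dannatu,dc=ch"
  credentials=PLACEHOLDER
"""

def syncrepl_stanzas(conf_text):
    """Yield each syncrepl directive as a dict of its key=value parameters."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    for line in logical:
        words = shlex.split(line)  # keeps quoted values such as retry="5 5 300 +"
        if words[0].lower() == "syncrepl":
            pairs = (w.split("=", 1) for w in words[1:] if "=" in w)
            yield {k.lower(): v for k, v in pairs}

def tls_findings(stanza):
    """Return TLS trust problems found in one parsed syncrepl stanza."""
    uses_tls = (stanza.get("provider", "").lower().startswith("ldaps://")
                or stanza.get("starttls", "").lower() in ("yes", "critical"))
    if not uses_tls:
        return ["provider is not ldaps:// and starttls is not set"]
    findings = []
    if "tls_cacert" not in stanza and "tls_cacertdir" not in stanza:
        findings.append("no tls_cacert/tls_cacertdir in the syncrepl stanza")
    reqcert = stanza.get("tls_reqcert", "").lower()
    if reqcert in ("never", "allow"):
        findings.append("tls_reqcert=%s accepts an unverified certificate" % reqcert)
    return findings

if __name__ == "__main__":
    for s in syncrepl_stanzas(SAMPLE):
        print("rid", s.get("rid"), tls_findings(s))
```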
