On 2017-06-02 17:46, r0m5 wrote:
> On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
> --On Friday, June 02, 2017 11:01 AM +0200 r0m5 <[email protected]> wrote:
>
> Hello,
>
> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
> problem happening only sometimes, and disappearing "by itself". I use
> Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2.
>
> 2.4.40 is 2.5 years old, 5 point releases behind, and had significant known
> replication issues. I believe there is a build of 2.4.44 in backports for
> Jessie. I would advise using that instead.
>
> As far as debug logging, you would need to use "-d -1" to slapd, rather than
> attempting to set the loglevel to -1, as some debug logging is only possible
> via the slapd daemon. But your first step is to move to a current release.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

Hello! Thanks for your reply. I just upgraded the preproduction environment provider and consumers to the jessie-backports version. I will check the prod to preprod injections during the next few days, then let you know. Have a good weekend!

Hello!

I upgraded to 2.4.44 but still had problems (fewer, though). So I used "-d -1" with slapd instead of olcLoglevel as you said, then I noticed there was a problem with certificate validation, even when using demand or allow for TLS reqcert in olcSyncrepl and in /etc/ldap/ldap.conf. I was at that time using self-signed certificates. So I set up a PKI and now it looks OK regarding syncrepl.

So I guess my problem might be related to ITS#8427, which I didn't see before posting here.

I still have issues though, with applications randomly failing STARTTLS to my consumers :-(

Regards,
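
For reference, a consumer-side olcSyncrepl definition that uses StartTLS on port 389 and validates the provider certificate against a CA, as the message describes after the move to a PKI. This is an added example, not configuration posted in the thread; the database DN, host name, bind DN, credentials and file path are placeholders.

```ldif
# Added example (not from the thread). All names, DNs and paths below are
# placeholders; {1}mdb is an assumed database index.
#
# starttls=critical : abort the syncrepl session if StartTLS fails, instead
#                     of silently continuing in clear text (starttls=yes).
# tls_reqcert, as documented in ldap.conf(5):
#   never  - the provider certificate is not requested or checked
#   allow  - a missing or bad certificate is ignored, the session proceeds
#   try    - a missing certificate is tolerated, a bad one ends the session
#   demand - a missing or bad certificate ends the session
# tls_cacert must point at the CA that issued the provider's certificate.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://provider.example.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=org"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=org"
  credentials=REPLACE_ME
  starttls=critical
  tls_cacert=/etc/ldap/ssl/ca.example.pem
  tls_reqcert=demand
```

The tls_* options inside olcSyncrepl apply to that replication connection only; other LDAP clients on the host take TLS_CACERT and TLS_REQCERT from /etc/ldap/ldap.conf.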
