Hi,
I'm having a problem running the LDAP replica with TLS; without TLS, everything works!
Provider and Consumer are identical
CentOS release 6.5
Provider config, file cn\=config.ldif
olcTLSCACertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/keys/ldapskey.pem
olcTLSCipherSuite: TLSv1+RSA:!EXPORT:!NULL
olcTLSVerifyClient: never
Consumer config:
olcSyncrepl: {0}rid=000
  provider=ldap://ldpsoc01devpom.sociale.it
  starttls=yes
  type=refreshonly
  retry="5 5 300 +"
  searchbase="dc=example,dc=it"
  attrs="*,+"
  bindmethod=simple
  binddn="uid=rsync,ou=admin_bind,ou=Utenze_Amministratori,dc=example,dc=it"
  credentials=xxxxxxx
  interval=60
The certificate is self-signed.
On the slave, if I try the following command:
ldapsearch -ZZ -x -H ldap://ldpsoc01devpom \
  -D 'uid=rsync,ou=admin_bind,ou=Utenze_Amministratori,dc=example,dc=it' \
  -W 'objectclass=*' -v
everything is OK, but when I try to use TLS in replication, the process goes wrong.
In the Provider log:
connection_get(16)
connection_get(16): got connid=1030
connection_read(16): checking for input on id=1030
connection_read(16): TLS accept failure error=-1 id=1030, closing
connection_closing: readying conn=1030 sd=16 for close
connection_close: conn=1030 sd=16
daemon: activity on 1 descriptor
daemon: activity on:
In the Consumer log:
slapd[6508]: =>do_syncrepl rid=000
slap_client_connect: URI=ldap://ldpsoc01devpom.sociale.it Warning, ldap_start_tls failed (-11)
slap_client_connect: URI=ldap://ldpsoc01devpom.sociale.it DN="uid=bind_replica,ou=admin_bind,ou=utenze_amministratori,dc=sociale,dc=it" ldap_sasl_bind_s failed (-1)
do_syncrepl: rid=000 rc -1 retrying (3 retries left)
daemon: activity on 1 descriptor
daemon: activity on:
On the OpenLDAP forum, they told me:
Get a real version of OpenLDAP that isn't linked to the broken MozNSS
libraries and is current (2.4.40 is the current release).
And so I was wondering whether the version that you released suffers from
this problem, or whether my configuration is wrong!
Thanks
Best regards
Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma
cell. 3466147165
tel. 0657060500
email:[email protected]
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users