Just updated slapd.conf with CA Certs and trying to get mirroring synchronization to work.

Running into the following:

slapd -d sync
@(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $
[email protected]:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
/etc/openldap/slapd.conf: line 163: warning, destination attributeType 'sAMAccountName' is not defined in schema
PROXIED attributeDescription "SAMACCOUNTNAME" inserted.
/etc/openldap/slapd.conf: line 213: rootdn is always granted unlimited privileges.
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
slapd starting
TLS: error: the certificate '/etc/openldap/certs/ldap_example_net.crt' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication..
TLS: certificate '/etc/openldap/certs/ldap_example_net.crt' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate 'CN=ldap.example.net,O="xx-xxxxxxx, INC.",L=xxxx,ST=xxxxxx,C=US'.
do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE


In my slapd.conf I have set up (provider setup):

TLSCertificateFile /etc/openldap/certs/ldap_example_net.crt
TLSCertificateKeyFile /etc/openldap/certs/ldap_example_net.key
TLSCACertificateFile /etc/openldap/certs/CAcompany.crt


serverID 1
overlay syncprov

#syncprov-checkpoint 100 10
syncprov-checkpoint 100 2

syncprov-sessionlog 100

#LDAP Sync - Slave - Consumer
syncrepl      rid=001
        provider=ldaps://ldap-west.examplel.net
        bindmethod=simple
        binddn="cn=xxxxx,ou=Roles,dc=pcoral,dc=net"
        credentials=xxxxxxxxxxxx
        searchbase="dc=example,dc=net"
        filter="(objectclass=*)"
        attrs="*"
        schemachecking=on
        type=refreshAndPersist
        interval=00.00.00:30
        retry="60 +"
mirrormode on


So, I'm not sure why the synchronization isn't working.


Thanks!!!
