Salve alla lista,
non ho ancora risolto il problema, nonostante i suggerimenti di
Pierangelo. I file di configurazione sono i seguenti:

                                                                            
file /etc/openldap/slapd.conf server-master


#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Master-side slapd.conf as posted: global settings (schema includes, pid/args
# files, TLS), then one ldbm database for dc=unipa,dc=it whose changes are
# written to a replog and pushed to a single replica.
include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/samba.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# Certificate and private key this slapd presents to TLS peers.
TLSCertificateFile /etc/ssl/ldap-cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap-key.pem
# NOTE(review): TLSCACertificateFile is expected to hold the CA certificate(s)
# used to verify peers; the file name suggests a client certificate - confirm
# that it really contains the issuing CA.
TLSCACertificateFile /etc/ssl/ldap-cert-client.pem
# "demand" makes slapd request a client certificate and terminate the session
# if none, or an invalid one, is presented. Every client of this server
# therefore needs its own certificate and key.
TLSVerifyClient  demand
# NOTE(review): slapd.conf(5) spells this directive "loglevel" (one word); as
# pasted, "log level" may not be parsed as intended - check the real file.
# 2048 selects entry-parsing debug output.
log level 2048
# Directives below this line apply to this database.
database    ldbm
replogfile /var/lib/ldap/openldap-master-replog
# Replication target. The bind is a simple bind whose cleartext password is
# stored in this file, so the file permissions protect the replica as well.
# NOTE(review): as pasted, the binddn= line starts in column 0; slapd.conf(5)
# treats a line as a continuation only if it begins with whitespace - confirm
# the real file indents it (this may just be mail wrapping).
# NOTE(review): the bind DN here is cn=AGSManager, while the replica's
# slapd.conf in this message sets updatedn to cn=Manager. updatedn is the DN
# allowed to apply replicated changes and normally matches this binddn - verify.
replica uri=ldaps://147.163.110.191:636
binddn="cn=AGSManager,dc=unipa,dc=it" bindmethod=simple credentials=test
suffix         "dc=unipa,dc=it"
rootdn        "cn=Manager,dc=unipa,dc=it"
# Cleartext, trivially guessable rootdn password. rootpw also accepts a hashed
# value produced by slappasswd(8). This value and the replica credentials above
# have been posted publicly and should be replaced.
rootpw  test
directory    /var/lib/ldap
# Indices to maintain for this database
index objectClass                           eq
index uid,uidNumber,gidNumber,memberUid        eq
index cn,mail,surname,givenname              eq,subinitial
index sambaSid                            eq
index sambaPrimaryGroupSID                    eq
index sambaDomainName                        eq
# NOTE(review): -1 appears intended to remove the search size limit entirely;
# confirm that clients really need unbounded result sets.
sizelimit -1
cachesize 10000


file /etc/openldap/ldap.conf server-master


# Client-side (libldap) defaults on the master host.
BASE dc=unipa,dc=it
# NOTE(review): ldap.conf(5) documents URI as one space-separated list; with
# three separate URI lines it is unclear which value takes effect - confirm.
URI ldap://127.0.0.1/
URI ldaps://localhost:636/
URI ldaps://147.163.110.191:636/
# NOTE(review): ldap.conf(5) describes TLS_CERT as a user-only option (ldaprc /
# .ldaprc) and no TLS_KEY is given, so a client certificate is probably not
# offered from this file. That matters for any server that sets
# "TLSVerifyClient demand", as the master slapd.conf in this message does.
TLS_CERT /etc/ssl/ldap-cert.pem
# NOTE(review): TLS_CACERT should point at the CA certificate(s) used to verify
# the server; the file name suggests a client certificate - confirm.
TLS_CACERT /etc/ssl/ldap-cert-client.pem


                                                                            
file /etc/openldap/slapd.conf server-client



# Replica-side slapd.conf as posted: schema includes, one ldbm database for
# dc=unipa,dc=it that accepts replicated updates and refers writes to the master.
include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/samba.schema
# Accepts legacy LDAPv2 bind requests; remove if no client still requires them.
allow bind_v2
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# Directives below this line apply to this database.
database    ldbm
suffix         "dc=unipa,dc=it"
rootdn        "cn=Manager,dc=unipa,dc=it"
# Cleartext, trivially guessable rootdn password. rootpw also accepts a hashed
# value produced by slappasswd(8). This value has been posted publicly and
# should be replaced.
rootpw test
# DN permitted to apply replicated changes to this replica.
# NOTE(review): the master's replica directive in this message binds as
# cn=AGSManager,dc=unipa,dc=it, not cn=Manager - the two normally match.
# slapd.conf(5) also advises that updatedn generally should not be the same as
# the rootdn used at the master, which is cn=Manager in the master config shown.
updatedn "cn=Manager,dc=unipa,dc=it"
# Referral handed back to clients that send write requests to this replica.
updateref       ldaps://147.163.110.190:636
directory    /var/lib/ldap
# NOTE(review): the TLS* options and the log level are global settings in
# slapd.conf(5) but appear here after the "database" line - confirm that they
# take effect in this position.
TLSCertificateFile /etc/ssl/ldap-cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap-key.pem
# NOTE(review): expected to hold the CA certificate(s); the file name suggests
# a client certificate - confirm.
TLSCACertificateFile /etc/ssl/ldap-cert-client.pem
# Client-certificate verification is disabled on this server (commented out),
# unlike on the master.
#TLSVerifyClient  demand
# NOTE(review): slapd.conf(5) spells this directive "loglevel" (one word); as
# pasted, "log level" may not be parsed as intended - check the real file.
log level 2048
index objectClass                           eq
index uid,uidNumber,gidNumber,memberUid        eq
index cn,mail,surname,givenname              eq,subinitial
index sambaSid                            eq
index sambaPrimaryGroupSID                    eq
index sambaDomainName                        eq
# NOTE(review): -1 appears intended to remove the search size limit entirely;
# confirm that clients really need unbounded result sets.
sizelimit -1
cachesize 10000


file /etc/openldap/ldap.conf server-client

# Client-side (libldap) defaults on the replica host.
BASE dc=unipa,dc=it
# Both a CA directory and a CA file (TLS_CACERT below) are configured.
TLS_CACERTDIR /etc/openldap/cacerts
# NOTE(review): ldap.conf(5) documents URI as one space-separated list; with
# two separate URI lines it is unclear which value takes effect - confirm.
URI ldap://127.0.0.1/
URI ldaps://147.163.110.190:636/
# NOTE(review): ldap.conf(5) describes TLS_CERT as a user-only option (ldaprc /
# .ldaprc) and no TLS_KEY is given, so a client certificate is probably not
# offered from this file. The master at 147.163.110.190 sets
# "TLSVerifyClient demand" in the config shown in this message, so connections
# to it without a client certificate and key would be terminated.
TLS_CERT /etc/ssl/ldap-cert.pem
# NOTE(review): TLS_CACERT should point at the CA certificate(s) used to verify
# the server; the file name suggests a client certificate - confirm.
TLS_CACERT /etc/ssl/ldap-cert-client.pem


Riavviando il servizio LDAP sul server e monitorando il log sul client,
ricevo questo messaggio:


Feb  3 17:42:48 s...@backup02.cupa.unipa.it slapd[2687]: conn=156 fd=19
ACCEPT from IP=147.163.110.190:56381 (IP=0.0.0.0:636)
Feb  3 17:42:48 s...@backup02.cupa.unipa.it slapd[2687]: conn=156 fd=19
TLS established tls_ssf=256 ssf=256
Feb  3 17:42:48 s...@backup02.cupa.unipa.it slapd[2687]: conn=156 fd=19
closed (connection lost)



spero che qualcuno possa aiutarmi
grazie
Luigi










