
RE: Replication in v2.1.2: TLS-error



By the way, the reason this behavior changed in 2.1 was to conform to the
server verification requirements in RFC 2830. You should be able to make your
setup work by configuring the CACERT options to point to your self-signed
cert.
Since you have two different self-signed certs, one for master and one for
slave, you should cat them both into a single file. Then, in slapd.conf of
both the master and slave you should specify TLSCACertificateFile with the
file you just created.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Harry Ruter
> Sent: Sunday, July 07, 2002 3:40 AM
> To: OpenLDAP-software@OpenLDAP.org
> Subject: Replication in v2.1.2: TLS-error
>
>
> Hi,
>
> I'm trying to do replication with v2.1.2.
>
> The two servers are installed on the same machine,
> with different ports (master: 3389, 3636; replica: 4389, 4636).
>
> Both servers are running,
> but when it comes to replication slurpd says:
>
> --------------snipp-------------------------------------
>
> ber_flush: 31 bytes to sd 10
> request 1 done
> TLS certificate verification: Error, self signed certificate
> TLS: can't connect.
> Warning: ldap_start_tls failed: Connect error (91)
> ber_flush: 761 bytes to sd 10
> Error: LDAP SASL for ldap.hrnet.de:5389 failed: Can't
> contact LDAP server
> ber_flush: 7 bytes to sd 10
> --------------snipp-------------------------------------
>
> The replica server says:
>
> --------------snipp-------------------------------------
> ber_flush: 14 bytes to sd 15
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca s3_pkt.c:956
> conn=4 fd=15 closed
> --------------snipp-------------------------------------
>
> I made two different certificates, one for the
> master server and one for the replica server.
>
> I've done this before with version 2.0.25,
> where it worked fine ...
>
> Any suggestions?
>
>
> greets Harry