
Re: Again problems with slurpd



Hello Harry,

Saturday, August 03, 2002, 3:21:54 PM, you wrote:

HR> Hi everybody,

HR> after having changed my certificates for SSL/TLS I was happy to 
HR> try replication with v2.1.3 again.

HR> Unluckily with no success.

HR> First, my configuration-files :

HR> 1) replication server (slapd-replication.conf):
[snip]
HR> 2) ldap.conf

[snip]
HR> HOST ldap.hrnet.de:5389 ldaps.hrnet.de:5636
[snip]
HR> TLS hard

HR> Here's what slurpd says, when it comes to replication :

HR> ------------------snipp------
HR> Retrying operation for DN
HR> uid=gast,ou=Users,ou=accounts,ou=mynetwork,o=myorganization,dc=hrnet,dc=de
HR> on replica 486dx66.hrnet.de:5389
HR> Initializing session to 486dx66.hrnet.de:5389
[snip]

HR> It seems that there's an error with TLS, but I can't see
HR> what's wrong.
HR> Any suggestions/hints from the list?

As far as I know, setting `TLS hard' enforces TLS (i.e. no STARTTLS happens).
It has the same effect as connecting by `ldaps://' URL scheme.
So your slurpd tries to connect to the `ldap://' server port 5389 with the
`ldaps://' scheme (it should either try 5636 or set TLS=never with
5389).

You may try to:
1) connect to ldaps.hrnet.de:5636 with ldap.conf `TLS=hard'
2) set slapd.conf replica `tls=critical', ldap.conf `TLS=never',
   server ldap.hrnet.de:5389 -- this goes with STARTTLS.

And please tell me what you've got.

-- 
Best regards,
 Peter                            mailto:spam4octan@highway.ru
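
The mismatch the reply describes (a client that opens with TLS against the cleartext port 5389, versus StartTLS on that port or implicit TLS on 5636), seen from the listener's side. This is an added example, not part of the original message; the function names and sample byte strings are constructed for illustration.

```python
# Added illustration (not from the thread): classify the first bytes an LDAP
# listener receives, to tell an implicit-TLS client from a cleartext/StartTLS one.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def ldap_message(msg_id: int, op: bytes) -> bytes:
    """Wrap a protocol op in an LDAPMessage SEQUENCE (short-form lengths only)."""
    body = bytes([0x02, 0x01, msg_id]) + op
    return bytes([0x30, len(body)]) + body

def starttls_request(msg_id: int = 1) -> bytes:
    """ExtendedRequest [APPLICATION 23] with requestName [0] = StartTLS OID."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID
    return ldap_message(msg_id, bytes([0x77, len(name)]) + name)

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-handshake', 'ldap-starttls', 'ldap-cleartext' or 'unknown'."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    # LDAPMessage: SEQUENCE, short length, INTEGER messageID, then the op tag.
    if len(data) >= 6 and data[0] == 0x30 and data[1] < 0x80 and data[2] == 0x02:
        op_at = 4 + data[3]
        if op_at < len(data):
            if data[op_at] == 0x77 and STARTTLS_OID in data[op_at:]:
                return "ldap-starttls"
            return "ldap-cleartext"
    return "unknown"

def diagnose(listener: str, first_bytes: bytes) -> str:
    """listener is 'ldap' (cleartext port) or 'ldaps' (implicit-TLS port)."""
    kind = classify_first_bytes(first_bytes)
    if listener == "ldap" and kind == "tls-handshake":
        return "mismatch: TLS handshake sent to a cleartext ldap:// port"
    if listener == "ldaps" and kind.startswith("ldap-"):
        return "mismatch: cleartext LDAP sent to an implicit-TLS ldaps:// port"
    if kind == "unknown":
        return "unknown: first bytes are neither TLS nor LDAP"
    return "ok: " + kind

# Constructed samples: start of a TLS ClientHello record and an anonymous simple bind.
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])
SIMPLE_BIND = ldap_message(1, bytes([0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00]))

if __name__ == "__main__":
    for port, data in (("ldap", CLIENT_HELLO), ("ldap", starttls_request()),
                       ("ldaps", CLIENT_HELLO), ("ldaps", SIMPLE_BIND)):
        print(port, "->", diagnose(port, data))
```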