Re: problems setting up replication server

[Howard Chu <hyc@symas.com>]

Andrew Higginbotham wrote:
> Hi,
>
> I am trying to setup a replication server using Openldap-2.3.27. I have set it 
> up (detailed below) and I get on the slave
>
> TLS: can't accept.
> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:580
>
> What is really strange is that I can log on and make manual modifications to 
> the slave from the master as the replication user with the password specified
> in slapd.conf (yes, over tls!).
>
> I was thinking it might be because of differing ssl versions, but I tried
> switching to SSLv3 and the config file and it had no effect.
>
> Does any one have some tips that would help me additionally debug this problem 
> or get an idea of where the failure is?
>
> // Relevant config file lines on master
> replica host=<<hostname>>:636
>         binddn="cn=replicator,dc=hmc,dc=edu"
>         tls=yes
>         bindmethod=simple
>         credentials=<<password>>

If you're using port 636 then you're most likely using ldaps. You need 
to use an ldaps:// uri here, not the host/tls options.
> // Relevant config lines on slave
> TLSCipherSuite HIGH:MEDIUM:+SSLv3
>
> updatedn        "cn=replicator,dc=hmc,dc=edu"
> updateref       ldaps://<<ref>>
>
>
> Thanks,
> Andrew
>
> .


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/