
Syncrepl with SASL External - SOLVED



I found out that the problem was double encrypting of the connection:

It works now if I set TLSVerifyClient to max. allow on the consumer side.
All stronger configurations end in:
CA unknown.


Thanks anyway

Angela


Here are the relevant parts of the slapd.conf:
*****************************************************************
master:
...

...
TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/erde.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/erde.aag_key.pem

TLSVerifyClient         demand

*****************************************************************
slave:


TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/mond.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/mond.aag_key.pem

##################
TLSVerifyClient         demand
##################

This has to be set to max allow.
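
An added example, not part of the original message: a small audit of the TLS directives in a slapd.conf that reports what each TLSVerifyClient level does with a client certificate that fails verification, using the level semantics documented in slapd.conf(5). The function names are hypothetical and the sample configuration is constructed from the consumer settings quoted above.

```python
# Added example: how slapd treats client certificates at each
# TLSVerifyClient level (semantics per slapd.conf(5)).
# level -> (cert requested, session continues without a cert,
#           session continues when the cert fails verification)
LEVELS = {
    "never":  (False, True,  True),
    "allow":  (True,  True,  True),    # bad certificate is ignored
    "try":    (True,  True,  False),   # bad certificate ends the session
    "demand": (True,  False, False),
}
ALIASES = {"hard": "demand", "true": "demand"}

def parse_tls_directives(conf_text):
    """Return {lower-cased directive: value} for the TLS* lines."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation line
        else:
            logical.append(raw.strip())
    out = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("tls"):
            out[parts[0].lower()] = parts[1].strip()
    return out

def client_cert_policy(conf_text):
    """Summarise the client-certificate policy of one configuration."""
    tls = parse_tls_directives(conf_text)
    level = tls.get("tlsverifyclient", "never").lower()   # default: never
    level = ALIASES.get(level, level)
    if level not in LEVELS:
        raise ValueError("unknown TLSVerifyClient level: " + level)
    requested, without_cert, bad_cert = LEVELS[level]
    return {"level": level, "cert_requested": requested,
            "session_without_cert": without_cert,
            "session_with_unverifiable_cert": bad_cert,
            "has_ca": "tlscacertificatefile" in tls
                      or "tlscacertificatepath" in tls}

# Constructed sample modelled on the consumer settings in the post.
CONSUMER = """TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCertificateFile      /etc/ldap/certs/mond.aag_cert.pem
##################
TLSVerifyClient         demand
##################
"""
```

Under `allow` a certificate that cannot be verified is ignored and the session proceeds, while `try` and `demand` end the session, so a setup that only works at `allow` still has an unresolved chain-of-trust problem between the presented certificate and the configured CA.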