
Re: Multimaster SASL/EXTERNAL (TLS client cert) error



Howard Chu wrote:
> Gémes Géza wrote:
>> Gavin Henry wrote:
>>> ----- "Gémes Géza"<geza@kzsdabas.hu>  wrote:
>>>> dn:cn=config
>>>> just like expected (ldapsearch and friends are also working on both
>>>> sides and cross).
>>>> Just to be sure I've exported the LDAPCONF variable in the slapd
>>>> startup
>>>> script.
>>>> But syncrepl doesn't work!
>
> slapd no longer reads any external LDAP configuration files. The TLS
> options must be added to the syncrepl config statement. Read the
> slapd.conf(5) manpage.

Many thanks, now it works like a charm!
>
>>>> On the logs (olcLogLevel=-1):
>>>> slap_client_connect: URI=ldaps://first-or-second-ldap-server
>>>> ldap_sasl_interactive_bind_s failed (-6)
>>>> connection_read(20): unable to get TLS client DN, error=49 id=23
>>>>
>>> Are you trying to StartTLS on an SSL (ldaps://) connection? That
>>> won't work.
>>>
>>>
>> However a simple ldapwhoami or ldapsearch works. The ldaprc used is:
>>
>> BASE     dc=kzsdabas,dc=hu
>> URI        ldaps://first-ldap-server ldaps://second-ldap-server
>> TLS_CACERT    /etc/ssl/certs/ca.crt
>> TLS_CERT    /etc/ldap/syncrepl.crt
>> TLS_KEY        /etc/ldap/syncrepl.key
>> TLS_REQCERT    demand
>> SASL_MECH    external
>> SASL_AUTHCID    cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth
>> Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
>>
>>
>> Just to be sure now I've tried to change the providers to ldap://...,
>> but without luck. Now it just reports in the logs:
>>
>> slap_client_connect: URI=ldaps://first-or-second-ldap-server
>> ldap_sasl_interactive_bind_s failed (-6)
>>
>>
>>
>> Thanks for any idea.
>>
>> Geza
>>
>
>
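For readers hitting the same `ldap_sasl_interactive_bind_s failed (-6)`, here is what Howard's answer looks like in cn=config: an added example, not from the thread or from the OpenLDAP project, with the TLS and SASL/EXTERNAL options carried inside the olcSyncrepl value itself instead of an ldaprc. It assumes the replicated database is `olcDatabase={1}hdb`, that `olcServerID` is already set on both nodes, and that `rid=001` and the retry schedule are placeholders; hostnames, paths and the base DN are the ones posted above.

```ldif
# Added example (not the original poster's config): one side of a
# two-node multimaster pair. Since slapd ignores ldaprc/LDAPCONF, the
# client certificate, key, CA and verification level must be given
# as tls_* options on the syncrepl statement.
# Assumptions: olcDatabase={1}hdb, rid=001, retry schedule, and that
# olcServerID is already configured on each node.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldaps://second-ldap-server
  searchbase="dc=kzsdabas,dc=hu"
  type=refreshAndPersist
  retry="5 5 300 +"
  bindmethod=sasl
  saslmech=EXTERNAL
  tls_cacert=/etc/ssl/certs/ca.crt
  tls_cert=/etc/ldap/syncrepl.crt
  tls_key=/etc/ldap/syncrepl.key
  tls_reqcert=demand
-
add: olcMirrorMode
olcMirrorMode: TRUE
```

With ldaps:// as the provider there is deliberately no `starttls=` keyword, matching Gavin's point that StartTLS cannot be layered on an already-encrypted ldaps connection; `tls_reqcert=demand` keeps the consumer verifying the provider's certificate against the CA, so a wrong CA file shows up as a bind failure rather than a silent downgrade. On the other node, swap the provider hostname and use a distinct rid.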