
Delta-Sync w/ TLS troubles



Hello,

I have a FreeBSD 7.2 Release box with openldap-2.4.16 installed on it. I
have followed the Admin guide to setting up Delta-Sync replication and
it works as long as I do not use either "ldaps" or "starttls=yes" on
the slave, i.e.:

syncrepl  rid=0
        provider=ldap://joe.pdq.edu
        starttls=yes
        bindmethod=simple
        binddn="cn=ldaproot,dc=pdq,dc=edu"
        credentials="XXXXXXXXX"
        searchbase="dc=pdq,dc=edu"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog

or

syncrepl  rid=0
        provider=ldaps://joe.pdq.edu
        bindmethod=simple
        binddn="cn=ldaproot,dc=mtmary,dc=edu"
        credentials="XXXXXXXX"
        searchbase="dc=pdq,dc=edu"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog


I have set my loglevel to -1 on both boxes and the only thing that shows
up in the logs referring to tls is:

(Master server)
slapd[9572]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[9572]: do_extended: oid=1.3.6.1.4.1.1466.20037
slapd[9572]: conn=1 op=0 STARTTLS
slapd[9572]: send_ldap_extended: err=0 oid= len=0
slapd[9572]: send_ldap_response: msgid=1 tag=120 err=0
slapd[9572]: conn=1 op=0 RESULT oid= err=0 text=
slapd[9572]: daemon: activity on 1 descriptor
slapd[9572]: connection_read(16): checking for input on id=1
slapd[9572]: connection_read(16): TLS accept failure error=-1 id=1, closing
slapd[9572]: connection_closing: readying conn=1 sd=16 for close
slapd[9572]: connection_close: conn=1 sd=16
slapd[9572]: daemon: removing 16
slapd[9572]: conn=1 fd=16 closed (TLS negotiation failure)


(Slave Server)
slapd[10846]: =>do_syncrepl rid=000
slapd[10846]: daemon: activity on 1 descriptor
slapd[10846]: daemon: waked
slapd[10846]: daemon: select: listen=6 active_threads=0 tvp=zero
lapd[10846]: daemon: select: listen=7 active_threads=0 tvp=zero
slapd[10846]: daemon: select: listen=8 active_threads=0 tvp=zero
slapd[10846]: daemon: select: listen=9 active_threads=0 tvp=zero
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu Warning,
ldap_start_tls failed (-11)
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu
DN="cn=ldaproot,dc=pdq,dc=edu" ldap_sasl_bind_s failed (-1)



Is there some way to see what exactly is failing between the units? I have tried the credentials line with quotes around the password and without. I have made sure the provider= is the FQDN of the master. Any help would be appreciated.


Peter.
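The post asks how to see what is actually failing between the two servers; the script below is an added diagnostic to run on the consumer (slave), not code from the post or from the OpenLDAP project. It assumes the OpenLDAP client tools and openssl are installed on the consumer, and that the provider is joe.pdq.edu as in the post (override with PROVIDER=...).

```shell
#!/bin/sh
# Added diagnostic script, not from the list post. Assumes the consumer has
# ldapsearch and openssl available; PROVIDER defaults to the host in the post.
PROVIDER="${PROVIDER:-joe.pdq.edu}"

# Map one error line (from ldapsearch -d 1, openssl, or the slapd logs) to the
# layer that failed: certificate trust, name matching, or the TLS handshake.
# Both sides in the post show err=0 on the STARTTLS extended op followed by a
# handshake abort, so the LDAP bind was never reached.
classify_tls_output() {
    line="$1"
    case "$line" in
        *"certificate verify failed"*|*"unable to get local issuer"*|*"self signed"*)
            echo "trust: consumer does not accept the provider's certificate chain (check TLS_CACERT in ldap.conf or tls_cacert on the syncrepl line)" ;;
        *"does not match"*|*"hostname"*)
            echo "name: certificate subject/SAN does not match $PROVIDER" ;;
        *"ldap_start_tls failed (-11)"*|*"Connect error (-11)"*)
            echo "handshake: TLS negotiation failed before any bind was attempted" ;;
        *"TLS accept failure"*)
            echo "handshake: provider aborted the TLS accept (server-side view of the same failure)" ;;
        *)
            echo "unclassified: $line" ;;
    esac
}

# Show the certificate the provider presents on the ldaps port and whether the
# local OpenSSL trust store can verify it ("Verify return code: 0 (ok)").
probe_ldaps_cert() {
    openssl s_client -connect "$PROVIDER:636" -showcerts </dev/null 2>&1 \
        | sed -n '/^subject=/p;/^issuer=/p;/Verify return code/p'
}

# Force StartTLS on the ldap port (-ZZ: fail unless TLS is established) with
# client-side debugging on, so the TLS library's own error text is printed
# instead of the bare -11 that syncrepl logs.
probe_starttls() {
    ldapsearch -ZZ -x -H "ldap://$PROVIDER" -b "" -s base -d 1 2>&1 \
        | grep -iE 'TLS|certif|verify|error' \
        | while IFS= read -r l; do classify_tls_output "$l"; done
}

# Probes only run when explicitly requested: sh diag.sh run
case "${1:-}" in
    run) probe_ldaps_cert; probe_starttls ;;
esac
```

The "trust" classification is the one to check first: a consumer that cannot validate the provider's certificate fails StartTLS exactly as the log above shows, with err=0 on the extended op and the connection closed during the handshake.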