RE: TLS slurpd fails



My suspicion (though I have nothing to point you towards to verify this with) is that the credentials for replication cannot be a hash of any sort.  I've tried something similar and it works with a plain text password but not the same password hash used for the rootdn.
Jason

-----Original Message-----
From: Rick Blocker [mailto:rblocker@uchicago.edu]
Sent: Tuesday, July 23, 2002 3:47 PM
To: openldap-software@OpenLDAP.org
Subject: TLS slurpd fails


Hello,

I wonder if someone can help me. I'm having problems with secure
replication using TLS. slapd on the slave host will not accept
connections from slurpd using TLS even though an ldapsearch from the
same host using TLS is accepted.  The logs on the slave host show a
seemingly generic error:

        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: new connection on 9
        slapd[8896]: daemon: conn=27 fd=9 connection from IP=xxx.xxx.xxx.xxx:3278 (IP=0.0.0.0:31746) accepted.
        slapd[8896]: daemon: added 9r
        slapd[8896]: daemon: activity on:
        slapd[8896]:
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: activity on:
        slapd[8896]:  9r
        slapd[8896]:
        slapd[8896]: daemon: read activity on 9
        slapd[8896]: connection_get(9)
        slapd[8896]: connection_get(9): got connid=27
        slapd[8896]: connection_read(9): checking for input on id=27
        slapd[8896]: connection_read(9): TLS accept error error=-1 id=27, closing
        slapd[8896]: connection_closing: readying conn=27 sd=9 for close
        slapd[8896]: connection_close: conn=27 sd=9
        slapd[8896]: daemon: removing 9
        slapd[8896]: conn=-1 fd=9 closed
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL


My slapd.config file on the master host:

        replica host=slavehost.something.org:636 tls=yes
                binddn="cn=admin,o=myorg,c=us"
                bindmethod=simple
                credentials={crypt}$1$gnKfjngh$iyxgvr77jgh6OsKlO63jfh


Does anyone have any ideas?

Best,

Rick
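
An added example, not part of either message and not OpenLDAP code: a small linter for the `replica` directive discussed above that flags `bindmethod=simple` paired with a `credentials` value carrying a password-scheme prefix such as `{crypt}`. It assumes slurpd hands the `credentials` string unchanged to the simple bind as the password; the function names and the sample configuration are constructed for illustration.

```python
import re
import shlex

# Constructed sample modelled on the replica directive quoted in the thread.
# Hostnames are illustrative and both credentials values are placeholders.
SAMPLE_CONF = '''\
replica host=slavehost.something.org:636 tls=yes
        binddn="cn=admin,o=myorg,c=us"
        bindmethod=simple
        credentials={crypt}$1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
replica host=slave2.example.org:389
        binddn="cn=admin,o=myorg,c=us"
        bindmethod=simple
        credentials=constructed-plain-secret
'''

# Stored-password values carry a scheme prefix such as {crypt} or {SSHA}.
HASH_PREFIX = re.compile(r'^\{[A-Za-z0-9-]+\}')


def logical_lines(text):
    """Join continuation lines: a line starting with whitespace extends the previous one."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith('#'):
            continue  # blank lines and comments are ignored
        if raw[0] in ' \t' and current is not None:
            current += ' ' + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def hashed_replica_credentials(text):
    """Return hosts whose replica directive pairs bindmethod=simple with a hash-looking secret."""
    flagged = []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() != 'replica':
            continue
        args = dict(t.split('=', 1) for t in tokens[1:] if '=' in t)
        if (args.get('bindmethod', '').lower() == 'simple'
                and HASH_PREFIX.match(args.get('credentials', ''))):
            flagged.append(args.get('host'))
    return flagged
```

Because only lines that begin with whitespace continue a directive, a `credentials=` line that starts in column 0 is not read as part of the `replica` directive and is not flagged.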