[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Again problems with slurpd

Hello Harry,

Saturday, August 03, 2002, 3:21:54 PM, you wrote:

HR> Hi everybody,

HR> after having changed my certificates for SSL/TLS i was happy to 
HR> try replication with v2.1.3 again.

HR> Unluckily with no success.

HR> First, my configuration-files :

HR> 1) replication server (slapd-replication.conf):
HR> 2) ldap.conf

HR> HOST ldap.hrnet.de:5389 ldaps.hrnet.de:5636
HR> TLS hard

HR> Here's what slurpd says, when it comes to replication :

HR> ------------------snipp------
HR> Retrying operation for DN
HR> uid=gast,ou=Users,ou=accounts,ou=mynetwork,o=myorganization,dc=hrnet,dc=de
HR> on replica 486dx66.hrnet.de:5389
HR> Initializing session to 486dx66.hrnet.de:5389

HR> It seems, that there's an error with TLS, but i can't see,
HR> what's wrong.
HR> Any suggestions/hints from the list ?

As I know, setting `TLS hard' enforces TLS (i.e. no STARTTLS happens).
It has the same effect as connecting by `ldaps://' URL scheme.
So, Your slurpd tries to connect to `ldap://' server port 5389 with
`ldaps://' scheme (is should either try 5636 or set TLS=never with

You may try to:
1) connect to ldaps.hrnet.de:5636 with ldap.conf `TLS=hard'
2) set slapd.conf replica `tls=critical', ldap.conf `TLS=never',
   server ldap.hrnet.de:5389 -- this goes with STARTTLS.

And please tell me what You've got.

Best regards,
 Peter                            mailto:spam4octan@highway.ru