
Re: Slave slapd doesn't accept bind from slurpd

George Betzos wrote:
Hello, I am trying to set up a slave slapd to function as a backup server to a system I am setting up and slurpd on the server fails to connect to the backup slapd (it is rejected with the indication "Invalid credentials"). I have been debugging this setup for some time now and I have a feeling that something with authentication and encryption mechanisms is not properly set up, rather than a bug. Both hosts are P4 machines running redhat fedora (fully updated). I have set up openldap to use TLS (no SASL or anything else) and I have created the certificates and keys. For the time being I am just testing the system (no system authentication transferred to ldap, yet). I tried to check the source code if I can figure out what is going on and with a minor modification I managed to get the system to work with cleartext passwords. I am sending some debugging messages in case someone sees something familiar. I have checked the archives and couldn't find anything relevant. I would appreciate very much any suggestions. Many Thanks. George Betzos betzos@europe.com ---------------------------------------------------------------------------------------------- Log snippets follow, first without my modification and then with it and using cleartext passwords ...

At a guess there's something wrong with the certificate(s). Some things to try:

1) Check that the binddn in the master slapd.conf corresponds with the updatedn in the replica slapd.conf.

2) Remove tls from the replica lines and check that replication works ok.

3) Try ldapsearch -ZZ -H ldap://your.replica/ -D 'cn=backup,dc=uol,dc=bz' -W etc, etc

4) Test the certificates:
openssl s_client -connect name.of.replica:636 -CAfile /path/to/your/CA.pem

Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
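
Added example, not part of the original message: a small Python check for step 1 of the reply, comparing the `binddn` of each `replica` directive in the master's slapd.conf with the `updatedn` in the replica's slapd.conf, and reporting whether TLS is requested on that replica line (relevant to step 2). The two config snippets are constructed samples; the host name, the password placeholder and the `tls=yes` spelling are assumptions.

```python
import shlex

# Constructed sample configs; host name and password are placeholders.
MASTER_CONF = '''\
suffix "dc=uol,dc=bz"
replica uri=ldap://replica.example.com:389
        tls=yes
        binddn="cn=Backup, dc=uol, dc=bz"
        bindmethod=simple credentials=placeholder
'''
REPLICA_CONF = '''\
suffix "dc=uol,dc=bz"
# DN the master is allowed to write as
updatedn "cn=backup,dc=uol,dc=bz"
'''

def logical_lines(text):
    """Tokenise slapd.conf: join continuation lines, skip comments/blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [shlex.split(line) for line in out]

def norm_dn(dn):
    """Simplified comparison form: lowercase, no spaces around ',' or '='.
    Assumption: no escaped commas or multi-valued RDNs in the DNs."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def check_replication(master_text, replica_text):
    """One result dict per replica directive found in the master config."""
    updatedns = [t[1] for t in logical_lines(replica_text)
                 if t[0].lower() == "updatedn" and len(t) > 1]
    results = []
    for toks in logical_lines(master_text):
        if toks[0].lower() != "replica":
            continue
        opts = dict(t.split("=", 1) for t in toks[1:] if "=" in t)
        binddn = opts.get("binddn", "")
        results.append({"target": opts.get("uri") or opts.get("host"),
                        "binddn": binddn,
                        "dn_match": any(norm_dn(binddn) == norm_dn(u) for u in updatedns),
                        "tls": opts.get("tls") or opts.get("starttls")})
    return results
```

Calling `check_replication(MASTER_CONF, REPLICA_CONF)` returns one entry per replica line; a `dn_match` of `False` means the two DNs differ even after case and whitespace are ignored.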