Replication and SSL



I am trying to set up secure replication between two systems using slurpd and SSL.  I am running OpenLDAP version 2.0.27.  Currently I have a number of insecure replications on my local network that are set up like this:

replica    host=system3.integraonline.com
           binddn="cn=Replicator,o=Name"
           bindmethod=simple
           credentials=PASS

I want to keep those and add a secure one to a remote site.  Here is what I have for the configuration of it:

replica     host=system2.integraonline.com:636
            binddn="cn=Replicator,o=Name"
            bindmethod=simple
            credentials=PASS

I also have created an SSL certificate:

TLSCertificateFile      /private/openldap-2.0.27/etc/openldap/server.pem
TLSCertificateKeyFile   /private/openldap-2.0.27/etc/openldap/server.pem
TLSCACertificateFile    /private/openldap-2.0.27/etc/openldap/server.pem

The information makes it to the slurpd.replog.  Here is what slurpd says about it:

Error: ldap_simple_bind_s for dr-data-1.integraonline.com:636 failed: Can't contact LDAP server

So, I did some command line testing:

ldapmodify -D "cn=Replicator,o=Name" -H ldaps://system2.integraonline.com -w PASS

This works fine.

ldapmodify -D "cn=Replicator,o=Name" -h dr-data-1.integraonline.com:636 -w PASS

This fails with the following error message:

ldap_bind: Can't contact LDAP server

What am I doing wrong here?  Any help would be appreciated.

Thanks,

Luke Miller
millerlu@integraonline.com