
Replication and SSL

I am trying to set up secure replication between two systems using slurpd and SSL.  I am running OpenLDAP version 2.0.27.  Currently I have a number of insecure replications on my local network that are set up like this:


replica    host=system3.integraonline.com





I want to keep those and add a secure one to a remote site.  Here is what I have for the configuration of it:


replica     host=system2.integraonline.com:636





I also have created an SSL certificate:


TLSCertificateFile      /private/openldap-2.0.27/etc/openldap/server.pem

TLSCertificateKeyFile   /private/openldap-2.0.27/etc/openldap/server.pem

TLSCACertificateFile    /private/openldap-2.0.27/etc/openldap/server.pem


The information makes it to the slurpd.replog.  Here is what slurpd says about it:


Error: ldap_simple_bind_s for dr-data-1.integraonline.com:636 failed: Can't contact LDAP server


So, I did some command line testing:


ldapmodify -D "cn=Replicator,o=Name" -H ldaps://system2.integraonline.com -w PASS

This works fine.


ldapmodify -D "cn=Replicator,o=Name" -h dr-data-1.integraonline.com:636 -w PASS

This fails with the following error message:

ldap_bind: Can't contact LDAP server


What am I doing wrong here?  Any help would be appreciated.




Luke Miller