[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unknown CA error - replication

To: "McMaster, Michael" <michael.mcmaster@etrade.com>
Subject: Re: Unknown CA error - replication
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Fri, 01 Oct 2004 11:32:40 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <C619BCB44DE4A540BFE40412B3AAC5D40239D1D9@atl1ex2.corp.etradegrp.com>
References: <C619BCB44DE4A540BFE40412B3AAC5D40239D1D9@atl1ex2.corp.etradegrp.com>
User-agent: Mozilla Thunderbird 0.7.3 (X11/20040806)

McMaster, Michael wrote:

Hello,

I have searched the list archives *exhaustively*, and it seems like I'm doing everything right...

I am trying to set up replication between two LDAP servers.  Both use
OpenLDAP 2.2.15, compiled with TLS support.  Using the OpenLDAP TLS
howto as a guide, I created a self-signed CA certificate, and used it to
create both the server and client certs.  I was careful to put each
machine's FQDN in the subject field.  In my master's slapd.conf, I have:

TLSCertificateFile /etc/cert/newcert.pem
TLSCertificateKeyFile /etc/cert/newreq.pem
TLSCACertificateFile /etc/cert/demoCA/cacert.pem

In the client's /etc/ldap.conf, I included:
TLS_CACERT /etc/cert/demoCA/cacert.pem

This should probably be the ldap.conf in the same directory as your slapd.conf (unless you have patched openldap to use a different location or you have symlinks or similar), which I assume is not in /etc ...

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)

Prev by Date: RE: How can I import huge amount of data as quickly as possible?
Next by Date: RE: Config Question Re BDB version
Index(es):
- Chronological
- Thread