Re: Unknown CA error - replication

McMaster, Michael wrote:

I have searched the list archives *exhaustively*, and it seems like I'm
doing everything right...

I am trying to set up replication between two LDAP servers.  Both use
OpenLDAP 2.2.15, compiled with TLS support.  Using the OpenLDAP TLS
howto as a guide, I created a self-signed CA certificate, and used it to
create both the server and client certs.  I was careful to put each
machine's FQDN in the subject field.  In my master's slapd.conf, I have:

TLSCertificateFile /etc/cert/newcert.pem
TLSCertificateKeyFile /etc/cert/newreq.pem
TLSCACertificateFile /etc/cert/demoCA/cacert.pem

In the client's /etc/ldap.conf, I included:
TLS_CACERT /etc/cert/demoCA/cacert.pem

This should probably be the ldap.conf in the same directory as your slapd.conf (unless you have patched OpenLDAP to use a different location, or you have symlinks or similar), which I assume is not in /etc ...
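As an added example (not part of this thread or of OpenLDAP itself), here is a shell check for the two things an "unknown CA" error hinges on: whether the CA file the client trusts actually issued the server certificate, and whether the certificate's CN matches the FQDN. It builds a throwaway CA with openssl; the host names and directories are constructed for the demo.

```shell
#!/bin/sh
# Added example: build a throwaway CA plus a server cert it issued, then check
# that the CA file verifies the server cert and that the cert's CN is the FQDN.
# Assumes openssl is on PATH; host names and directories are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA and a server cert issued by it (like the howto's demoCA).
make_demo_pki() {
    dir=$1; fqdn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA for $fqdn" \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$dir/newreq.pem" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/newcert.pem" 2>/dev/null
}

# Return 0 if the CA in $1 issued the server cert in $2 (the check slapd/ldapsearch make).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Print the CN of the cert's subject so it can be compared with the server's FQDN.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//; s/[,/].*//'
}

mkdir "$WORK/master" "$WORK/other"
make_demo_pki "$WORK/master" ldap1.example.test
make_demo_pki "$WORK/other"  ldap2.example.test

if chain_ok "$WORK/master/cacert.pem" "$WORK/master/newcert.pem"; then
    echo "master cert verifies against its own CA"
fi
# A client pointed at the wrong TLS_CACERT sees exactly this failure:
if ! chain_ok "$WORK/other/cacert.pem" "$WORK/master/newcert.pem"; then
    echo "master cert does NOT verify against the other CA (unknown CA)"
fi
echo "server cert CN: $(cert_cn "$WORK/master/newcert.pem")"

# With the right CA file in hand, the OpenLDAP client can be pointed at it
# without editing any ldap.conf, which isolates the file-location question:
#   LDAPTLS_CACERT=/etc/cert/demoCA/cacert.pem ldapsearch -ZZ -x -b "" -H ldap://ldap1.example.test
```

If the chain check passes here but ldapsearch still reports an unknown CA, the client is reading a different ldap.conf (or none) than the one edited.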


