RE: Unknown CA error - replication
- To: <OpenLDAP-software@OpenLDAP.org>
- Subject: RE: Unknown CA error - replication
- From: "McMaster, Michael" <email@example.com>
- Date: Fri, 1 Oct 2004 12:50:04 -0400
Sorry, I was unclear... I didn't make the certs for master and slave to
do two-way authentication during replication. I just made them so both
can send the certs to any clients that connect to them for accessing
data via LDAP. I realize that it's kind of irrelevant here. I just
wanted to emphasize I am using the same CA cert on both machines despite
the "unknown ca" error.
I am using RedHat, and I have made the changes to
/etc/openldap/ldap.conf as well as to /etc/ldap.conf just to be sure.
Not sure what all you mean by replication related dn info, but here is
what's in the master's slapd.conf:
On the client's slapd.conf:
Hope that helps. Thanks for the feedback.
From: Tay, Gary [mailto:Gary_Tay@platts.com]
Sent: Thursday, September 30, 2004 8:57 PM
To: McMaster, Michael
Subject: RE: Unknown CA error - replication
There is some unusual stuff here you are doing.
Most people will NOT create a client cert, and do only one-way "client
verifies server cert but server does not do the reverse".
/etc/ldap.conf is usually reserved for NSS_LDAP and PAM_LDAP; you should
put the cacert.pem in $ETC_OPENLDAP/ldap.conf, on Redhat this is
/etc/openldap/ldap.conf, or a default should be
You should post the replication related dn info to the mailing list. Do not forward
my email to the list.
You may find my HOWTO useful, or not:
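The thread turns on whether the CA file named by TLS_CACERT in /etc/openldap/ldap.conf is really the issuer of the certificate the master presents. The script below is an added example, not code from this thread or from OpenLDAP; it assumes only that openssl is on PATH. It generates throwaway test material (two CAs and one server cert, with made-up names) in a temp dir and reproduces the "unknown CA" condition with openssl verify, so the same check can be run against a real cacert.pem and the cert file the master serves, without involving slapd at all.

```shell
#!/bin/sh
# Added example, not code from the thread: reproduce an "unknown CA"
# condition outside slapd with openssl, so the CA file named in
# /etc/openldap/ldap.conf (TLS_CACERT) can be checked against the
# certificate the master actually presents. All key material here is
# throwaway test data generated into a temp dir; host and CA names are made up.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA key and cert in $WORK/NAME.key and $WORK/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# make_server_cert CA HOST: cert for HOST issued by CA, written to $WORK/HOST.pem
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" >/dev/null 2>&1
}

# verify_chain CAFILE CERTFILE: exit 0 if CERTFILE chains to CAFILE.
# This is the trust decision libldap makes with TLS_CACERT; when it fails,
# the TLS handshake is what reports "unknown ca".
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_matches CAFILE CERTFILE: exit 0 if CERTFILE's issuer DN equals
# CAFILE's subject DN. A mismatch means the server cert was signed by a
# different CA than the one being trusted, whatever the files are called.
issuer_matches() {
    ca_subject=$(openssl x509 -noout -subject -in "$1")
    cert_issuer=$(openssl x509 -noout -issuer -in "$2")
    [ "${ca_subject#subject=}" = "${cert_issuer#issuer=}" ]
}

# Walk-through: the master's cert is issued by "good-ca"; "other-ca" stands
# in for a CA file that was regenerated or copied to the wrong place.
demo() {
    make_ca good-ca
    make_ca other-ca
    make_server_cert good-ca ldap-master.example
    for ca in good-ca other-ca; do
        if verify_chain "$WORK/$ca.pem" "$WORK/ldap-master.example.pem"; then
            echo "$ca: chain verifies (TLS_CACERT pointing here would work)"
        else
            echo "$ca: unable to get local issuer certificate (unknown CA)"
        fi
    done
}

demo
```

To apply this to a real setup, run verify_chain with the cacert.pem that /etc/openldap/ldap.conf's TLS_CACERT points at and the certificate file the master's slapd.conf serves (its TLSCertificateFile). If issuer_matches fails, the two machines are not actually sharing one CA, however the files were named when they were copied; if it succeeds but verify_chain still fails, look at the file's permissions and at which ldap.conf the replicating process is really reading, since /etc/ldap.conf belongs to nss_ldap/pam_ldap, not to libldap.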