Re: problems setting up replication server
On Wed, Nov 15, 2006 at 12:46:20PM -0800, Howard Chu wrote:
> Andrew Higginbotham wrote:
> >I am trying to set up a replication server using Openldap-2.3.27. I have
> >set it up (detailed below) and I get on the slave
> >TLS: can't accept.
> >TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> >What is really strange is that I can log on and make manual modifications
> >to the slave from the master as the replication user with the password
> >in slapd.conf (yes, over tls!).
> >I was thinking it might be because of differing ssl versions, but I tried
> >switching to SSLv3 in the config file and it had no effect.
> >Does anyone have some tips that would help me additionally debug this
> >problem or get an idea of where the failure is?
> >// Relevant config file lines on master
> >replica host=<<hostname>>:636
> > binddn="cn=replicator,dc=hmc,dc=edu"
> > tls=yes
> > bindmethod=simple
> > credentials=<<password>>
> If you're using port 636 then you're most likely using ldaps. You need
> to use an ldaps:// uri here, not the host/tls options.
When I do this I get
Error: parse_replica_line: unknown keyword "uri=ldaps://<<hostname>>:636"
Error: Malformed "replica" line in slapd config file, line 120
Warning: failed to add replica "(null):0 - ignoring replica
I think it is because the replication master is using an older version of ldap
(2.1.25). Could the version difference prove to be an insurmountable problem?
> >// Relevant config lines on slave
> >TLSCipherSuite HIGH:MEDIUM:+SSLv3
> >updatedn "cn=replicator,dc=hmc,dc=edu"
> >updateref ldaps://<<ref>>
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
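
The mismatch discussed above, as an added illustration that is not part of either poster's message: with `tls=yes` the client opens a plaintext LDAP connection and sends a StartTLS extended request, while an ldaps:// listener expects a TLS hello as the very first bytes, which is what OpenSSL reports as `unknown protocol`. The function names and sample byte strings below are constructed for this example.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # OID of the LDAP StartTLS extended operation

def build_starttls_request(msg_id=1):
    """BER-encode an LDAP ExtendedRequest asking for StartTLS (short-form lengths)."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                     # [APPLICATION 23] ExtendedRequest
    body = bytes([0x02, 0x01, msg_id]) + op                  # messageID INTEGER + protocolOp
    return bytes([0x30, len(body)]) + body                   # LDAPMessage SEQUENCE

def classify_first_bytes(data):
    """Classify the first bytes a server reads from a new connection."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-record"           # TLS/SSLv3 handshake record
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"   # SSLv2-compatible hello sent by older clients
    if data[:1] == b"\x30":           # BER SEQUENCE: a plaintext LDAPMessage
        return "ldap-starttls" if STARTTLS_OID in data else "ldap-plaintext"
    return "unknown"

def listener_accepts(listener, data):
    """listener is 'ldaps' (TLS from the first byte, port 636 in this thread)
    or 'ldap' (plaintext first, StartTLS negotiated in-band)."""
    kind = classify_first_bytes(data)
    if listener == "ldaps":
        return kind in ("tls-record", "sslv2-client-hello")
    return kind in ("ldap-starttls", "ldap-plaintext")

# Constructed sample inputs (prefixes only, not captured traffic)
TLS_HELLO_PREFIX = bytes.fromhex("160301002f0100002b0301")
SSLV2_HELLO_PREFIX = bytes.fromhex("802e010300")
ANON_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind

if __name__ == "__main__":
    samples = [
        ("tls=yes client (StartTLS request)", build_starttls_request()),
        ("ldaps:// client (TLS hello)", TLS_HELLO_PREFIX),
        ("ldaps:// client (SSLv2-style hello)", SSLV2_HELLO_PREFIX),
        ("plaintext bind", ANON_BIND),
    ]
    for label, data in samples:
        kind = classify_first_bytes(data)
        ok = listener_accepts("ldaps", data)
        print(f"{label:38} -> {kind:18} ldaps listener: {'ok' if ok else 'unknown protocol'}")
```
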