
Re: Syncrepl with SASL External - SOLVED



Angela Gavazzi wrote:
I found out that the problem was double encrypting of the connection:

What does it mean "double encrypting of the connection"?

It works now if I set TLSVerifyClient to max. allow on the consumer side.
All stronger configurations end in:
CA unknown.
This makes much more sense: your TLS configuration is broken. Are you using a self-signed certificate? Or, is your certificate signed by the CA to whom the certificate pointed by TLSCACertificateFile belongs?

Thanks anyway

Angela


Here the concerning parts of the slapd.conf:
*****************************************************************
master:
...

...
TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/erde.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/erde.aag_key.pem

TLSVerifyClient         demand

*****************************************************************
slave:

TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/mond.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/mond.aag_key.pem

##################
TLSVerifyClient         demand
##################

This has to be set to max allow.

... to disallow certificate checking. Fine if that's what you want.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
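
An added example, not part of the original thread and not OpenLDAP code: a small audit of the TLS directives in a slapd.conf that reports what the effective TLSVerifyClient level does with client certificates, which is the point of the "disallow certificate checking" remark above. The function names and the two sample configurations are assumptions built from the paths quoted in the thread; the level descriptions follow slapd.conf(5).

```python
# Added example: audit the TLS directives of a slapd.conf (not OpenLDAP code).
# Level semantics follow slapd.conf(5); "hard" and "true" are synonyms of "demand".
LEVELS = {
    "never": "no client certificate is requested",
    "allow": "a missing or bad client certificate is ignored",
    "try": "a missing client certificate is accepted, a bad one ends the session",
    "demand": "a valid client certificate is required",
}
ALIASES = {"hard": "demand", "true": "demand"}


def tls_directives(conf_text):
    """Collect TLS* directives; keywords are compared case-insensitively here."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("tls"):
            found[parts[0].lower()] = parts[1].strip()
    return found


def audit(conf_text):
    """Return (effective TLSVerifyClient level, list of findings)."""
    d = tls_directives(conf_text)
    level = d.get("tlsverifyclient", "never").lower()  # slapd default: never
    level = ALIASES.get(level, level)
    findings = []
    if level not in LEVELS:
        findings.append(f"unknown TLSVerifyClient level {level!r}")
    elif level != "demand":
        findings.append(f"TLSVerifyClient {level}: {LEVELS[level]}")
    if not ({"tlscacertificatefile", "tlscacertificatepath"} & d.keys()):
        findings.append("no CA file or path: peer certificates cannot be verified")
    return level, findings


# Constructed from the thread: the consumer after the workaround, and the master.
CONSUMER = """
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCertificateFile /etc/ldap/certs/mond.aag_cert.pem
TLSCertificateKeyFile /etc/ldap/certs/mond.aag_key.pem
TLSVerifyClient allow
"""
MASTER = CONSUMER.replace("mond", "erde").replace("allow", "demand")

if __name__ == "__main__":
    for name, conf in (("consumer", CONSUMER), ("master", MASTER)):
        print(name, audit(conf))
```

The audit only reads the configuration; whether a certificate actually chains to the CA in TLSCACertificateFile still has to be checked against the certificate files themselves.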