Re: syncrepl with ssl

[James <james@nttmcl.com>]

Dieter Kluenter wrote:
> "Dieter Kluenter" <dieter@dkluenter.de> writes:
>
>   
> > James <james@nttmcl.com> writes:
> >
> >     
> > > Hi guys i have a slight problem with syncrepl only when using ssl.
> > >
> > > When i use syncrepl without ssl the replication process works fine.
> > >
> > > I can access the master ldap server fine over ssl as well as the
> > > consumer but replication doesn't work
> > >
> > > Both have the same cacert
> > >
> > > Here's the Consumer part of the slapd.conf:
> > >
> > > syncrepl rid=1
> > >         provider=ldaps://master.xxx.com:636
> > >         binddn="cn=repadmin,dc=xxx,dc=com"
> > >         bindmethod=simple
> > >         searchbase="dc=xxx,dc=com"
> > >         type=refreshOnly
> > >         interval=00:01:00:00
> > >         filter="(objectClass=*)"
> > >         scope=sub
> > >         attrs="*"
> > >         schemachecking=off
> > >         credentials=xxxxxx
> > >       
> > And what is the TLS part of the consumer slapd.conf looking like?
> >     
>
> Sorry, my fault, it should read ldap.conf
>
> -Dieter
>
>   
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers 
root,ldap,named,avahi,haldaemon,postfix,messagebus
URI ldaps://master.example.com
BASE dc=example,dc=com
ldap_version 3
pam_password exop
ssl on
tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA
tls_checkpeer no
TLS_CACERT /etc/ssl/cacert.pem
TLS_REQCERT allow