RE: syncrepl/sasl problems

["HORSTMAN, MARK A (ATTSI)" <mh2620@att.com>]

I had this problem in 2.4.6 too. Set 'bindmethod' back to 'simple' add:

TLSVerifyClient try|allow|never

to your global section.

The default TLSVerifyClient value (seems to have) changed from 'never' to 'demand' in 2.4.6.


Mark

"Lawrence Strydom" writes:

> Thanks Howard
>
> I updated my config files according to the 2.3 Documentation but I
> still have the same problem. Slapd starts without error on both the
> master and the slave but when it runs syncrepl it complains about the
> sasl interactive bind that fails:

>  syncrepl rid=123
>                 provider=ldap://ldap1.tbiraq.com
>                 type=refreshAndPersist
>                 #interval=01:00:00:00
>                 searchbase="dc=mydomain,dc=com"
>                 filter="(objectClass=organizationalPerson)"
>                 scope=sub
>                 attrs="cn,sn,ou,telephoneNumber,title,l"
>                 schemachecking=off
>                 #updatedn="cn=replica,dc=mydomain,dc=com"
>                 bindmethod=sasl
>                 #saslmech=digest-md5
>                 binddn="cn=Administrator,dc=mydomain,dc=com"
>                 credentials="{ssha}mypassword"

man slapd.conf(5)

bindmethod is either simple or sasl, if your choice is sasl you have to
provide a saslmech and authcid or autzid but not a binddn.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6