[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: syncrepl/sasl problems

I had this problem in 2.4.6 too. Set 'bindmethod' back to 'simple' add:

TLSVerifyClient try|allow|never

to your global section.

The default TLSVerifyClient value (seems to have) changed from 'never' to 'demand' in 2.4.6.


"Lawrence Strydom" writes:

> Thanks Howard
> I updated my config files according to the 2.3 Documentation but I
> still have the same problem. Slapd starts without error on both the
> master and the slave but when it runs syncrepl it complains about the
> sasl interactive bind that fails:

>  syncrepl rid=123
>                 provider=ldap://ldap1.tbiraq.com
>                 type=refreshAndPersist
>                 #interval=01:00:00:00
>                 searchbase="dc=mydomain,dc=com"
>                 filter="(objectClass=organizationalPerson)"
>                 scope=sub
>                 attrs="cn,sn,ou,telephoneNumber,title,l"
>                 schemachecking=off
>                 #updatedn="cn=replica,dc=mydomain,dc=com"
>                 bindmethod=sasl
>                 #saslmech=digest-md5
>                 binddn="cn=Administrator,dc=mydomain,dc=com"
>                 credentials="{ssha}mypassword"

man slapd.conf(5)

bindmethod is either simple or sasl, if your choice is sasl you have to
provide a saslmech and authcid or autzid but not a binddn.


Dieter Klünter | Systemberatung