
Re: syncrepl not syncing [ CSN older or equal to ctx ]

Duncan Brannen wrote:

I now have a different problem with the slave not recognising the master's certificate:
TLS trace: SSL3 alert write:fatal:unknown CA
I'm wondering if I've a mix of SSL libraries in there someplace (debug looks like it's reading the correct directive and the other slaves work, so it's not OpenLDAP).
There goes my afternoon ;)

Cheers, Duncan

In case anyone else has this problem and had the same chair/keyboard breakdown I had,

I'd overwritten my ldap.conf file when I reinstalled, and syncrepl (on the client side at least) would seem to get its
CA info from the /usr/local/etc/openldap/ldap.conf file rather than the TLSCACertificateFile option in slapd.conf.

On a related note, while the man page still mentions starttls for syncrepl, the online admin guide doesn't: http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl
Is this a hint to get people using SASL instead of simple?

Cheers, Duncan
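
An added example, not part of the original message: a small Python check that lists every place a consumer's CA trust is configured, so an overwritten ldap.conf like the one described above is caught before replication fails with "unknown CA". The file contents and host name are constructed samples; `tls_cacert`/`tls_cacertdir` are the syncrepl parameters listed in slapd.conf(5), and the "missing" rule is an assumption based on the behaviour reported in this thread.

```python
import re

# Constructed sample files (not from the original post).
SLAPD_CONF = """\
TLSCACertificateFile /usr/local/etc/openldap/ca.pem
syncrepl rid=001
  provider=ldap://provider.example.com
  type=refreshAndPersist
  starttls=critical
  searchbase="dc=example,dc=com"
"""
LDAP_CONF_OVERWRITTEN = "# stock file from a reinstall\n#TLS_CACERT /path/to/ca.pem\n"
LDAP_CONF_FIXED = "TLS_CACERT /usr/local/etc/openldap/ca.pem\n"

def logical_lines(text):
    """Drop comments/blank lines and join indented continuation lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def ca_sources(slapd_conf, ldap_conf):
    """Return {location: path} for every CA setting found in either file."""
    found = {}
    for line in logical_lines(ldap_conf):
        m = re.match(r"(?i)(TLS_CACERT(?:DIR)?)\s+(\S+)", line)
        if m:
            found["ldap.conf " + m.group(1).upper()] = m.group(2)
    for line in logical_lines(slapd_conf):
        m = re.match(r"(?i)(TLSCACertificate(?:File|Path))\s+(\S+)", line)
        if m:
            found["slapd.conf " + m.group(1)] = m.group(2)
        if line.lower().startswith("syncrepl"):
            rid = re.search(r"\brid=(\S+)", line)
            for key, val in re.findall(r"\b(tls_cacert(?:dir)?)=(\S+)", line):
                found["syncrepl rid=%s %s" % (rid.group(1) if rid else "?", key)] = val
    return found

def client_side_ca_missing(slapd_conf, ldap_conf):
    """True when no CA is named in ldap.conf or a syncrepl stanza (the case in this thread)."""
    src = ca_sources(slapd_conf, ldap_conf)
    return not any(k.startswith(("ldap.conf", "syncrepl")) for k in src)
```

Run it against the consumer's real slapd.conf and ldap.conf after any reinstall or package upgrade that may have replaced either file.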