[Date Prev][Date Next]
Multimaster SASL/EXTERNAL (TLS client cert) error
I've set up two test ldap servers (2.4.10) with multimaster replication.
With simple binds it is working well.
I've set up a client certificate (everything CA signed, no self-signing
;-) ) to use with SASL/EXTERNAL authentication.
Using olcAuthzRegexp I've mapped it to the rootdn of the cn=config
backend, set up an .ldaprc file and with:
su -c '/usr/bin/ldapwhoami' openldap -s /bin/sh
(I'm running slapd as openldap user and group)
SASL/EXTERNAL authentication started
SASL username: cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth
SASL SSF: 0
just like expected (ldapsearch and friends are also working on both
sides and cross).
Just to be sure I've exported the LDAPCONF variable in the slapd startup
But syncrepl doesn't work!
On the logs (olcLogLevel=-1):
ldap_sasl_interactive_bind_s failed (-6)
connection_read(20): unable to get TLS client DN, error=49 id=23