
Re: Multimaster SASL/EXTERNAL (TLS client cert) error
----- "Gémes Géza" <geza@kzsdabas.hu> wrote:

> Hi everyone!
> 
> I've set up two test ldap servers (2.4.10) with multimaster replication.
> With simple binds it is working well.
> I've set up a client certificate (everything CA signed, no self-signing ;-) )
> to use with SASL/EXTERNAL authentication.
> Using olcAuthzRegexp I've mapped it to the rootdn of the cn=config
> backend, set up an .ldaprc file and with:
> 
> su -c '/usr/bin/ldapwhoami' openldap -s /bin/sh
> 
> (I'm running slapd as openldap user and group)
> I get:
> 
> SASL/EXTERNAL authentication started
> SASL username: cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
> SASL SSF: 0
> dn:cn=config
> 
> just as expected (ldapsearch and friends are also working on both
> sides and cross).
> Just to be sure I've exported the LDAPCONF variable in the slapd
> startup script.
> But syncrepl doesn't work!
> In the logs (olcLogLevel=-1):
> 
> slap_client_connect: URI=ldaps://first-or-second-ldap-server
> ldap_sasl_interactive_bind_s failed (-6)
> connection_read(20): unable to get TLS client DN, error=49 id=23

Are you trying to StartTLS on an SSL (ldaps://) connection? That won't work.

-- 
Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
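The mismatch the reply points at (StartTLS requested on a connection that is already SSL because the provider URI is ldaps://) is easy to catch before slapd is restarted. The checker below is an added example written for this thread; it is not code from the original post, from OpenLDAP, or from either poster. It parses a syncrepl / olcSyncrepl directive into its key=value parameters and flags two things relevant to SASL/EXTERNAL replication: `starttls=yes|critical` combined with an `ldaps://` provider, and `saslmech=EXTERNAL` without a TLS session or without `tls_cert`/`tls_key` declared in the directive itself. The parameter names (`provider`, `bindmethod`, `saslmech`, `starttls`, `tls_cert`, `tls_key`, `tls_cacert`) are the standard slapd syncrepl keywords; the host names, file paths and directive strings are constructed for the example and are not the poster's configuration.

```python
"""Sanity-check a syncrepl / olcSyncrepl directive for TLS and SASL/EXTERNAL
mismatches.  Added example for the thread above, not part of the original
post and not OpenLDAP code.  Directive strings below are constructed."""
import shlex


def parse_syncrepl(directive: str) -> dict:
    """Split a syncrepl directive into a {key: value} dict.

    shlex handles the quoted values slapd accepts, e.g.
    searchbase="dc=example,dc=com" and retry="60 +"; only the first '='
    separates key from value, so DNs containing '=' survive intact."""
    params = {}
    for token in shlex.split(directive):
        if "=" not in token:
            continue  # stray word without a value; ignore it
        key, value = token.split("=", 1)
        params[key.lower()] = value
    return params


def check_syncrepl(directive: str) -> list:
    """Return a list of problem descriptions (empty when none are found).

    This implements only the checks discussed here, not a full validation
    of every syncrepl keyword."""
    p = parse_syncrepl(directive)
    problems = []
    uri = p.get("provider", "").lower()
    starttls = p.get("starttls", "no").lower()
    is_ldaps = uri.startswith("ldaps://")
    wants_starttls = starttls in ("yes", "critical")

    # The point raised in the reply: an ldaps:// session is already TLS,
    # StartTLS cannot be layered on top of it.
    if is_ldaps and wants_starttls:
        problems.append(
            "starttls=%s on an ldaps:// provider: the session is already "
            "SSL/TLS, StartTLS cannot be issued on it" % starttls)

    sasl_external = (p.get("bindmethod", "simple").lower() == "sasl"
                     and p.get("saslmech", "").upper() == "EXTERNAL")
    if sasl_external:
        if not (is_ldaps or wants_starttls):
            problems.append(
                "saslmech=EXTERNAL without a TLS session (ldaps:// or "
                "starttls=yes/critical): the provider cannot read a client "
                "certificate DN")
        if "tls_cert" not in p or "tls_key" not in p:
            problems.append(
                "saslmech=EXTERNAL without tls_cert/tls_key in the directive: "
                "the client certificate is then taken from libldap defaults "
                "(ldap.conf / LDAPRC), which is harder to audit")
    return problems


# Constructed directives (not the poster's): the broken form, and the two
# corrected forms (either keep ldaps:// and drop starttls, or use ldap://
# with starttls), each declaring the client certificate explicitly.
BROKEN = ('rid=001 provider=ldaps://ldap1.example.com '
          'searchbase="dc=example,dc=com" bindmethod=sasl saslmech=EXTERNAL '
          'starttls=critical type=refreshAndPersist retry="60 +"')

FIXED_LDAPS = ('rid=001 provider=ldaps://ldap1.example.com '
               'searchbase="dc=example,dc=com" bindmethod=sasl '
               'saslmech=EXTERNAL tls_cert=/etc/ldap/syncrepl.crt '
               'tls_key=/etc/ldap/syncrepl.key tls_cacert=/etc/ldap/ca.crt '
               'type=refreshAndPersist retry="60 +"')

FIXED_STARTTLS = ('rid=001 provider=ldap://ldap1.example.com '
                  'searchbase="dc=example,dc=com" bindmethod=sasl '
                  'saslmech=EXTERNAL starttls=critical '
                  'tls_cert=/etc/ldap/syncrepl.crt tls_key=/etc/ldap/syncrepl.key '
                  'tls_cacert=/etc/ldap/ca.crt type=refreshAndPersist retry="60 +"')

if __name__ == "__main__":
    for name, directive in (("BROKEN", BROKEN), ("FIXED_LDAPS", FIXED_LDAPS),
                            ("FIXED_STARTTLS", FIXED_STARTTLS)):
        print(name, "->", check_syncrepl(directive) or "ok")
```

Run it against the value of your own olcSyncrepl attribute (for example as read back with ldapsearch on cn=config); a non-empty list points at the setting to change before restarting slapd, and the two corrected forms show the one-URI-scheme-per-TLS-method rule the reply describes.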