Re: Multimaster SASL/EXTERNAL (TLS client cert) error
----- "Gémes Géza" <firstname.lastname@example.org> wrote:
> Hi everyone!
> I've set up two test ldap servers (2.4.10) with multimaster
> With simple binds it is working well.
> I've set up a client certificate (everything CA signed, no
> ;-) ) to use with SASL/EXTERNAL authentication.
> Using olcAuthzRegexp I've mapped it to the rootdn of the cn=config
> backend, set up an .ldaprc file and with:
> su -c '/usr/bin/ldapwhoami' openldap -s /bin/sh
> (I'm running slapd as openldap user and group)
> I get:
> SASL/EXTERNAL authentication started
> SASL username: cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth
> Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
> SASL SSF: 0
> just like expected (ldapsearch and friends are also working on both
> sides and cross).
> Just to be sure I've exported the LDAPCONF variable in the slapd
> But syncrepl doesn't work!
> On the logs (olcLogLevel=-1):
> slap_client_connect: URI=ldaps://first-or-second-ldap-server
> ldap_sasl_interactive_bind_s failed (-6)
> connection_read(20): unable to get TLS client DN, error=49 id=23
Are you trying to StartTLS on an SSL (ldaps://) connection? That won't work.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
Open Source. Open Solutions(tm).
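Added illustration, not part of the thread and not the original poster's configuration: a cn=config LDIF that maps the client-certificate DN printed by ldapwhoami onto the config database's rootdn, followed by two olcSyncrepl variants for a SASL/EXTERNAL consumer. The hostname, rid, file paths, the "cn=config" rootdn target and the retry schedule are assumptions; the certificate DN is the one quoted above.

```ldif
# Added example (not from the thread). Hostnames, rid, paths and the
# "cn=config" target DN are assumptions.

# 1. Map the TLS client-cert DN onto the config database's rootdn.
#    slapd matches olcAuthzRegexp against the normalized (lower-cased)
#    authcDN, so the pattern is written in lower case.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: "^cn=ldap syncrepl client,ou=ldap server,o=kossuth zsuzsanna szki,l=dabas,st=pest,c=hu$" "cn=config"

# 2a. Consumer over ldaps://. The session is already TLS, so there is no
#     starttls= keyword; tls_cert/tls_key are what SASL/EXTERNAL binds with.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldaps://other-ldap-server.example.test
  bindmethod=sasl saslmech=EXTERNAL
  tls_cert=/etc/ldap/ssl/syncrepl-client.crt
  tls_key=/etc/ldap/ssl/syncrepl-client.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_reqcert=demand
  searchbase="cn=config"
  type=refreshAndPersist
  retry="5 5 300 +"
-
replace: olcMirrorMode
olcMirrorMode: TRUE

# 2b. Alternative for the same database: plain ldap:// upgraded with
#     StartTLS. Apply either 2a or 2b, never ldaps:// together with
#     starttls=, since StartTLS on an already encrypted ldaps:// session
#     fails, which is the point of the reply above.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://other-ldap-server.example.test
  starttls=critical
  bindmethod=sasl saslmech=EXTERNAL
  tls_cert=/etc/ldap/ssl/syncrepl-client.crt
  tls_key=/etc/ldap/ssl/syncrepl-client.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_reqcert=demand
  searchbase="cn=config"
  type=refreshAndPersist
  retry="5 5 300 +"
```

Giving the consumer its own tls_cert/tls_key/tls_cacert in the olcSyncrepl value makes the bind independent of whatever ldap.conf or .ldaprc the slapd user happens to read, so the identity slapd presents is the one the olcAuthzRegexp expects rather than one inherited from the environment. Checking the mapping with ldapwhoami, as the poster did, remains the quickest way to confirm the regexp before enabling replication.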