
Re: Single-master replication over TLS fails in 2.4.15

Craig Worgan wrote:
> Hi Howard,
>
> I actually thought that my certificate was bad, until I went back to 2.3
> with the same certificate and configuration and it worked fine.  Quanah
> pointed out the new TLS related syncrepl options which, when I added
> them to my config, fixed the problem.  Thing is, I pointed the syncrepl
> options to the same certificate I am using for the TLS* server
> certificate directives. I am using a compound certificate, so my TLS
> related config looks like this:
>
> TLSCertificateFile 0.pem
> TLSCACertificateFile 0.pem
> TLSCertificateKeyFile 0.pem

Combining the private and public elements of the certs into one file is not wise.

> syncrepl rid=983
>   retry="30 +"
>
> In 2.4, if you configure syncrepl over TLS and omit the new options,
> does OpenLDAP use the values that are configured for the server
> certificate settings (TLS*), if any?

That's already explicitly stated in the slapd.conf(5) manpage.

> If so, I'm confused as to why it
> failed for me originally.

I have no idea, it works for me.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
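
The following slapd.conf fragment is an added example, not configuration from this thread or from the OpenLDAP project: it shows the consumer side with the certificate, key and CA bundle in separate files and the syncrepl TLS options set explicitly. All paths, the provider host, the suffix, the bind DN and the credentials are placeholders; only rid=983 and retry="30 +" come from the message above.

```conf
# Constructed example. Paths, host name, suffix and DN are placeholders.

# Server-side TLS settings (global section).
# The CA bundle and the certificate hold public material only.
# The key file holds the private key and should be readable by the
# slapd user only (for example mode 0400).
TLSCACertificateFile   /etc/openldap/tls/ca.pem
TLSCertificateFile     /etc/openldap/tls/server-cert.pem
TLSCertificateKeyFile  /etc/openldap/tls/server-key.pem

# Consumer database. Per slapd.conf(5), tls_reqcert defaults to "demand"
# and the other tls_* settings default to the main TLS* settings above;
# they are written out here so the replication session does not depend
# on that fallback. tls_cert and tls_key are only needed when the
# provider asks for a client certificate.
# Continuation lines are joined before comments are processed, so no
# comment lines are placed inside the syncrepl statement itself.
database  mdb
suffix    "dc=example,dc=com"

syncrepl rid=983
  provider=ldap://provider.example.com
  type=refreshAndPersist
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=CHANGEME
  starttls=critical
  tls_cacert=/etc/openldap/tls/ca.pem
  tls_cert=/etc/openldap/tls/server-cert.pem
  tls_key=/etc/openldap/tls/server-key.pem
  tls_reqcert=demand
  retry="30 +"
```

With starttls=critical the replication session is aborted if StartTLS fails, rather than continuing without TLS.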