[Date Prev][Date Next]
Re: overlay chain and TLS/SSL
Ralf Zimmermann <email@example.com> writes:
> Hi all,
> I think I have a problem with the overlay chain and tls. We have one physical
> master and two slaves in VMware Vsphere4. Our configuration runs normally fine,
> but sometimes we can't modify entries like passwords to the master. Then we
> must restart the slapd at the slaves. After restarting slapd all works fine.
> Then slapd works fine the wholy day. We can change entries or set passwords on
> the slaves. Next morning we must restart the slapd again, because we can't
> modify entries from the slaves. But we can query the slapd and syncrepl works
> fine. Only things over the overlay chains doesn't work. I have the problem not
> only with Version 2.4.20. I tested more Versions and actually 2.4.21 from
> pysically hardware.
> If I can't set entries on the slave I don't see any tcp packets from the slave
> to the master. DNS, time and so on looks fine and everything else is working.
> And if we restart slapd everything is working. Does anybody know what is going
> wrong and if there exits a workaround. I read some things abount /dev/random,
> /dev/urandom and kernel 2.6 in VMware. Can this be the problem?
> Here the overlay chain configuration.
> <snip slapd.conf>
> overlay chain
> chain-uri "ldap://eisenherz.camelot.de/"
> chain-idassert-bind bindmethod=simple
> chain-rebind-as-user TRUE
> chain-return-error TRUE
> chain-tls start
> </snip slapd.conf>
> Any help is appreciated.
What version is this?
I found that with 2.4.21 a tls_cacert option solved my problem.
slapd-ldap(5) provides more TLS options.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6