after restarting both servers I do get the error:
<==slap_sasl2dn: Converted SASL name to<nothing>
SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
file or directory
[...]
I don't see a configuration for client certs; as an example I provide
my slapd.conf:
syncrepl rid=042
provider=ldap://rubin.avci.de
sizelimit=unlimited
bindmethod=sasl
saslmech=external
starttls=yes
tls_cert=/etc/openldap/certs/replicator.pem
tls_key=/etc/openldap/certs/replicator-key.pem
tls_cacert=/etc/openldap/certs/avciCA.pem
tls_reqcert=demand
searchbase="o=avci,c=de"
scope=sub
[...]
Hi Dieter,
it looks like I still have some misunderstanding of where to set some
options after following my manual... Maybe your book is better ;-)
I added the tls_* options to my consumer slapd.conf and started both
servers again. Now I still get messages on the provider which confuse
me, in particular the line "Converted SASL name to<nothing>"
do_sasl_bind: dn (cn=replicator,dc=filmakademie,dc=de) mech EXTERNAL
==>slap_sasl2dn: converting SASL name
email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
officenet,o=filmakademie baden-wuerttemberg
gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de to a DN
slap_authz_regexp: converting SASL name
email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
officenet,o=filmakademie baden-wuerttemberg
gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de
<==slap_sasl2dn: Converted SASL name to<nothing>
SASL Authorize [conn=0]: proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/EXTERNAL bind:
dn="email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
officenet,o=filmakademie baden-wuerttemberg
gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de" sasl_ssf=0
Any suggestions? Thanks for your response,
/Götz
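
The pattern in the debug output above, as an added example that is not part of the original post: this Python sketch rejoins the mail-wrapped slapd records and reports SASL binds where slap_sasl2dn converted the presented name to <nothing> and do_bind then logged that same name as the bind DN. The function names are hypothetical and the sample is an excerpt of the log lines from the post.

```python
import re
# Debug lines copied from the post above, mail line wraps included.
SAMPLE = """\
do_sasl_bind: dn (cn=replicator,dc=filmakademie,dc=de) mech EXTERNAL
==>slap_sasl2dn: converting SASL name
email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
officenet,o=filmakademie baden-wuerttemberg
gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de to a DN
<==slap_sasl2dn: Converted SASL name to<nothing>
do_bind: SASL/EXTERNAL bind:
dn="email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
officenet,o=filmakademie baden-wuerttemberg
gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de" sasl_ssf=0
"""

# Prefixes that start a slapd debug record; any other line is a wrap continuation.
RECORD_START = re.compile(r"(==>|<==|do_\w+:|slap_\w+:|send_\w+:|SASL )")
PATTERNS = {
    "sasl_name": re.compile(r"==>slap_sasl2dn: converting SASL name (.*) to a DN$"),
    "mapped_dn": re.compile(r"<==slap_sasl2dn: Converted SASL name to\s*(.*)$"),
    "bound_dn": re.compile(r'do_bind: SASL/\S+ bind: dn="(.*)"'),
}

def unwrap(text):
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:  # continuation of a record the mail client wrapped
            records[-1] += " " + line.strip()
    return records

def sasl_binds(text):
    binds = []
    for rec in unwrap(text):
        start = re.match(r"do_sasl_bind: dn \((.*)\) mech (\S+)", rec)
        if start:  # a new bind attempt begins here
            binds.append({"request_dn": start.group(1), "mech": start.group(2)})
        for field, pattern in PATTERNS.items():
            m = pattern.match(rec)
            if m and binds:
                binds[-1][field] = None if m.group(1) == "<nothing>" else m.group(1)
    return binds

def unmapped(binds):
    return [b for b in binds if "mapped_dn" in b and b["mapped_dn"] is None
            and b.get("bound_dn") == b.get("sasl_name")]

if __name__ == "__main__":
    print(unmapped(sasl_binds(SAMPLE)))
```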