[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS configuration with syncrepl



Hi Dieter,

Thanks.
With inclusion of tls_cacert, the replication is happening.

Thanks and Regards,
Naga Chaitanya


-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: Tuesday, July 19, 2011 5:25 PM
To: openldap-technical@openldap.org
Subject: Re: TLS configuration with syncrepl

Am Mon, 18 Jul 2011 21:05:48 +0530
schrieb Naga Chaitanya Palle <Naga.Chaitanya@aricent.com>:

> Hi,
>
> I am configuring TLS for syncrepl. But the consumer is not reading
> any updates from the server. Without tls the configuration was
> working fine. Please let me know where I am going wrong
>
> On client, my configuration files are as follows
>
> slapd.conf
> access to attrs=userPassword
>       by self write
>       by users read
>       by anonymous auth
>
>
> access to attrs=shadowLastChange
>       by self write
>       by * auth
>
> access to *
>       by * read
>
> moduleload syncprov.la
>
> syncrepl rid=124
>                 provider=ldaps://smalldevonly.comverse-in.com:389
>                 type=refreshOnly
>                 interval=00:00:01:00
>                 searchbase="dc=comverse-in,dc=com"
>                 filter="(objectClass=top)"
>                 scope=sub
>                 attrs="cn,uidNumber"
>                 schemachecking=off
>                 bindmethod=simple
>                 binddn="cn=Manager,dc=comverse-in,dc=com"
>                 credentials=sonora
>
> updateref       ldaps://smalldevonly.comverse-in.com
[...]

There is a tls_cacert=<path> parameter missing in the syncrepl
statements.
Please note that syncrepl is a ldap client application and requires
appropriate client configuration parameters.

-Dieter

--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.daasi.de/ldapcon2011/
GPG Key ID:8EF7B6C6


===============================================================================
Please refer to http://www.aricent.com/legal/email_disclaimer.html
for important disclosures regarding this electronic communication.
===============================================================================