
Re: Syncrepl SSL fail



--On Thursday, October 13, 2011 6:38 PM +0200 Hugo Deprez <hugo.deprez@gmail.com> wrote:

Dear community,

I set up a syncrepl between my master openldap server and a consumer.

I am trying to use SSL for this syncrepl.
I got the following error in the log when I start slapd on the consumer:

Oct 13 17:04:59 server slapd[16905]: slapd starting
Oct 13 17:04:59 server slapd[16905]: slap_client_connect: URI=ldaps://ldap.mydomain.fr:1024/ DN="cn=syncrepluser,o=others,dc=mydomain,dc=fr" ldap_sasl_bind_s failed (-1)
Oct 13 17:04:59 server slapd[16905]: do_syncrepl: rid=003 rc -1 retrying (9 retries left)


I don't understand why it is failing as a single ldapsearch from the
same server with the syncrepl user is working.

Here is my syncrepl configuration:

Syncrepl  rid=003
               provider=ldaps://ldap.mydomain.fr:1024/
               type=refreshOnly
               retry="60 10 600 +"
               interval=00:00:00:10
               searchbase="dc=mydomain,dc=fr"
               scope=sub
               schemachecking=on
               bindmethod=simple
               binddn="cn=syncrepluser,o=others,dc=mydomain,dc=fr"
               credentials=my_password


Any idea?

I don't see any of the tls_* options to the syncrepl configuration here. Likely the syncrepl client is unable to verify the master's cert. I would note that using refreshOnly is ill-advised.

--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
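
Added example, not part of the original thread or of OpenLDAP: a small Python check for the two points raised in the reply (no tls_* options on an ldaps:// provider, and type=refreshOnly), run against the stanza from the post. The helper names are hypothetical, the sample is constructed from the post with the password replaced, and only the syncrepl stanza is inspected, not slapd's global TLS directives.

```python
import shlex

# Constructed sample: the consumer stanza from the post, password replaced.
SAMPLE = """\
syncrepl  rid=003
               provider=ldaps://ldap.mydomain.fr:1024/
               type=refreshOnly
               retry="60 10 600 +"
               interval=00:00:00:10
               searchbase="dc=mydomain,dc=fr"
               scope=sub
               schemachecking=on
               bindmethod=simple
               binddn="cn=syncrepluser,o=others,dc=mydomain,dc=fr"
               credentials=CHANGEME
"""

def parse_syncrepl(text):
    """Return one {keyword: value} dict per syncrepl directive in slapd.conf text."""
    stanzas, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():              # leading whitespace = continuation line
            if current is not None:
                current.append(line)
        elif line.split()[0].lower() == "syncrepl":
            current = [line]
            stanzas.append(current)
        else:
            current = None                 # some other directive
    pairs = lambda s: (t.split("=", 1) for t in shlex.split(" ".join(s))[1:] if "=" in t)
    return [{k.lower(): v for k, v in pairs(s)} for s in stanzas]

def audit(stanza):
    """Findings for one stanza; hypothetical helper, ignores slapd's global TLS* directives."""
    findings = []
    starttls = stanza.get("starttls", "").lower() in ("yes", "critical")
    encrypted = stanza.get("provider", "").lower().startswith("ldaps://") or starttls
    if not encrypted and stanza.get("bindmethod", "").lower() == "simple":
        findings.append("simple bind sends credentials in cleartext")
    if encrypted and not {"tls_cacert", "tls_cacertdir"} & stanza.keys():
        findings.append("no tls_cacert/tls_cacertdir in stanza")
    if stanza.get("tls_reqcert", "demand").lower() in ("never", "allow"):
        findings.append("tls_reqcert does not enforce verification")
    if stanza.get("type", "").lower() == "refreshonly":
        findings.append("type=refreshOnly")
    return findings
```

For the stanza as posted, audit(parse_syncrepl(SAMPLE)[0]) reports the missing CA setting and the refreshOnly type.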