
Re: Syncrepl SSL fail

--On October 13, 2011 10:43:55 AM -0700 Josh Miller <joshua@itsecureadmin.com> wrote:

On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:

I don't see any of the tls_* options to the syncrepl configuration here.
Likely the syncrepl client is unable to verify the master's cert.  I
would note that using refreshOnly is ill-advised.

Hi Quanah,

Why is RefreshOnly ill-advised?  That is the recommendation in the docs
(very timely as I just set this up again myself).

re:  http://www.openldap.org/doc/admin24/replication.html

The admin guide has examples, not recommendations. In any case, I fully intend to change those examples to be refreshAndPersist so people stop defaulting to refreshOnly. It is not always reliable, and you significantly delay your replication by using it.


Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
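
The following is an added example, not part of the original message or of OpenLDAP itself: a small checker that reads a syncrepl stanza and reports the two points raised in this thread, missing or weak `tls_*`/`starttls` settings and `type=refreshOnly`. Both stanzas are constructed; the hostname, DNs, CA path and credential are placeholders.

```python
import shlex

# Constructed slapd.conf stanzas; hostname, DNs, CA path and credential are placeholders.
WEAK = '''
syncrepl rid=001
  provider=ldap://provider.example.com
  type=refreshOnly
  interval=00:00:05:00
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=PLACEHOLDER
  starttls=yes
'''
FIXED = '''
syncrepl rid=001
  provider=ldap://provider.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=PLACEHOLDER
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
'''

def parse_syncrepl(stanza):
    """Split a syncrepl directive (continuation lines included) into a dict."""
    tokens = shlex.split(stanza)
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    return {k.lower(): v for k, _, v in (t.partition("=") for t in tokens[1:])}

def audit(stanza):
    """Return findings for the TLS and sync-type settings of one stanza."""
    opts, findings = parse_syncrepl(stanza), []
    ldaps = opts.get("provider", "").lower().startswith("ldaps://")
    if not ldaps and opts.get("starttls") != "critical":
        findings.append("starttls is not 'critical': session may continue without TLS")
    if "tls_cacert" not in opts and "tls_cacertdir" not in opts:
        findings.append("no tls_cacert/tls_cacertdir in the stanza to verify the provider's cert")
    if "tls_reqcert" in opts and opts["tls_reqcert"] != "demand":
        findings.append("tls_reqcert is weaker than 'demand'")
    if opts.get("type", "").lower() == "refreshonly":
        findings.append("type=refreshOnly: consider refreshAndPersist")
    return findings
```

A stanza without its own CA setting is only reported, not necessarily broken: whether it matters depends on what CA configuration slapd has globally.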