
Re: Syncrepl SSL fail





--On October 13, 2011 10:43:55 AM -0700 Josh Miller <joshua@itsecureadmin.com> wrote:


> On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:
>
>> I don't see any of the tls_* options to the syncrepl configuration here.
>> Likely the syncrepl client is unable to verify the master's cert.  I
>> would note that using refreshOnly is ill-advised.
>
> Hi Quanah,
>
> Why is RefreshOnly ill-advised?  That is the recommendation in the docs
> (very timely as I just set this up again myself).
>
> re:  http://www.openldap.org/doc/admin24/replication.html

The admin guide has examples, not recommendations. In any case, I fully intend to change those examples to be refreshAndPersist so people stop defaulting to refreshOnly. It is not always reliable, and you significantly delay your replication by using it.

--Quanah


--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
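
The two points raised in this thread (a syncrepl stanza with no tls_* options, and type=refreshOnly), as an added example that is not part of the original messages: a small Python check over a slapd.conf syncrepl directive. The stanzas, hostnames, DNs and file paths are constructed placeholders, and the function names are hypothetical.

```python
import shlex

# Constructed sample stanzas; hosts, DNs, credentials and paths are placeholders.
WEAK = """\
syncrepl rid=001
  provider=ldaps://master.example.com
  type=refreshOnly
  interval=00:00:05:00
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=secret
"""
FIXED = """\
syncrepl rid=001
  provider=ldaps://master.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=secret
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
"""

def parse_syncrepl(text):
    """Join indented continuation lines and split into key=value options."""
    joined = " ".join(l.strip() for l in text.splitlines() if l.strip())
    tokens = shlex.split(joined)  # handles quoted values such as retry="60 +"
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    return {k.lower(): v for k, v in (t.split("=", 1) for t in tokens[1:])}

def lint_syncrepl(text):
    """Return findings for the two issues discussed in the thread."""
    opts = parse_syncrepl(text)
    findings = []
    uses_tls = opts.get("provider", "").lower().startswith("ldaps://") \
        or "starttls" in opts
    if uses_tls and not ({"tls_cacert", "tls_cacertdir"} & opts.keys()):
        findings.append("stanza names no CA (tls_cacert/tls_cacertdir) "
                        "for verifying the provider's certificate")
    if uses_tls and opts.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("tls_reqcert does not enforce certificate verification")
    if opts.get("type", "").lower() == "refreshonly":
        findings.append("type=refreshOnly; consider refreshAndPersist")
    return findings
```

Calling `lint_syncrepl(WEAK)` reports the missing CA option and the refreshOnly type, while `lint_syncrepl(FIXED)` returns an empty list.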