Re: Syncrepl SSL fail
It seems that the proper configuration for my case is:
retry="60 10 600 +"
It works, but I am confused by those parameters. If I understand
well, I will never use TLS here, but only ssl?
Hence, it was a TLS issue?
Thanks for your help.
On 16 October 2011 09:51, Howard Chu <email@example.com> wrote:
> Quanah Gibson-Mount wrote:
>> --On October 13, 2011 10:43:55 AM -0700 Josh Miller
>> <firstname.lastname@example.org> wrote:
>>> On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:
>>>> I don't see any of the tls_* options to the syncrepl configuration here.
>>>> Likely the syncrepl client is unable to verify the master's cert. I
>>>> would note that using refreshOnly is ill-advised.
>>> Hi Quanah,
>>> Why is RefreshOnly ill-advised? That is the recommendation in the docs
>>> (very timely as I just set this up again myself).
>>> re: http://www.openldap.org/doc/admin24/replication.html
>> The admin guide has examples, not recommendations. In any case, I fully
>> intend to change those examples to be refreshAndPersist so people stop
>> defaulting to refreshOnly. It is not always reliable, and you
>> significantly delay your replication by using it.
> Of course, it may be the only thing that works reliably if you have a
> firewall that silently kills old connections.
> The examples should stand as-is. We cannot predict what environment it's
> going to be deployed in. It's up to administrators to use their brains and
> know these details of their network.
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
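
Added example, not part of the thread and not OpenLDAP project code: a small check that reads a `syncrepl` directive from slapd.conf text and reports the TLS and `retry` settings discussed above (missing `tls_*` options, certificate verification switched off, a retry list that does not end in `+`). The sample stanza is constructed, and the function names and finding codes are this example's own.

```python
import re
import shlex

# Constructed sample stanza: host, DNs and credentials are placeholders.
SAMPLE = '''
syncrepl rid=001
  provider=ldaps://master.example.com:636
  type=refreshOnly
  interval=00:00:05:00
  retry="60 10 600 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=placeholder
  tls_reqcert=never
'''

def parse_syncrepl(text):
    """Return one {option: value} dict per syncrepl directive in slapd.conf text."""
    joined = re.sub(r'\n[ \t]+', ' ', text)  # indented lines continue the directive
    stanzas = []
    for line in joined.splitlines():
        if line.lower().startswith('syncrepl'):
            pairs = (tok.partition('=') for tok in shlex.split(line)[1:])
            stanzas.append({k.lower(): v for k, _, v in pairs})
    return stanzas

def check(opts):
    """Return finding codes for the TLS and retry settings of one stanza."""
    found = []
    ldaps = opts.get('provider', '').lower().startswith('ldaps://')
    starttls = opts.get('starttls', '').lower()
    if not ldaps and not starttls:
        found.append('no-tls')            # bind and data travel in cleartext
    if starttls == 'yes':
        found.append('starttls-soft')     # session continues without TLS on failure
    if ldaps or starttls:
        if opts.get('tls_reqcert', '').lower() in ('never', 'allow'):
            found.append('cert-not-verified')
        if not (opts.get('tls_cacert') or opts.get('tls_cacertdir')):
            found.append('no-ca-in-stanza')  # trust anchors come from outside the stanza
    retry = opts.get('retry', '').split()
    if retry and retry[-1] != '+':
        found.append('retry-finite')      # consumer eventually stops reconnecting
    return found

if __name__ == '__main__':
    for stanza in parse_syncrepl(SAMPLE):
        print(stanza.get('rid'), check(stanza))
```

A `no-ca-in-stanza` finding is a prompt to confirm where the consumer gets its CA certificate, not a failure by itself.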