[Date Prev][Date Next]
Re: OpenLDAP syncrepl over SSL
On 07/31/2013 12:36 PM, Tony Davis wrote:
I wonder if anyone can help me with a question I have regarding an
openldap setup on Redhat / Centos 5.8 using openldap-2.3.43.
I am trying to setup replication, I have set this up using the simple
bind method, which stores a password for the replication in the config.
(This works) but I wondered if there was a way to have this replication
take place using ssl certificates without the need to store the unhashed
password in the slapd.conf? Is this possible? or do I still have to
specify a replication user and pass, but all the auth takes place over ssl?
This is my current config for replication:
retry="5 5 300 +"
but in the replication log i get the following:
Jul 31 11:06:18 master02 slapd: do_syncrep1: rid 001
ldap_sasl_interactive_bind_s failed (7)
Jul 31 11:06:18 master02 slapd: do_syncrepl: rid 001 retrying
(3 retries left)
Jul 31 11:06:18 master02 slapd: daemon: activity on 1 descriptor
Jul 31 11:06:18 master02 slapd: daemon: activity on:
I'm struggling with a similar problem (see message "N-Way Multi-Master
TLS problem" from a few hours ago) so I'm afraid I don't have an answer
for you. This FAQ entry might help:
One tip: usually the developers/experienced folks on this list will
advise you to upgrade your OpenLDAP version to the latest version using
packages available from http://ltb-project.org or build the latest
OpenLDAP from source against OpenSSL (not gnuTLS). Between 2.3.43 and
the latest 2.4.35 version many syncrepl bugs have been fixed so maybe
start with that.
If you find a solution I would appreciate it if you could update the
thread. It might provide a pointer how to solve my problem.