
setting up mirroring with ldaps

Setting up mirroring between 2 servers (ldap1 and ldap2).
I have a self-signed cert installed on ldap1 (provider) and am connecting to ldap2 (consumer), which is using the same cert as ldap1.
What I'm not sure about is: can I put the same self-signed cert on both ldap1 and ldap2?
Or, on ldap2, create a self-signed cert, copy it to ldap1 and register it using certutil, to fix the issue below?
[root@ldap1 log]# slapd -d Sync
@(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $
/etc/openldap/slapd.conf: line 149: warning, destination attributeType 'sAMAccountName' is not defined in schema
PROXIED attributeDescription "SAMACCOUNTNAME" inserted.
/etc/openldap/slapd.conf: line 199: rootdn is always granted unlimited privileges.
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
slapd starting
TLS: error: the certificate '/etc/openldap/certs/testldap1cert.pem' could not be found in the database - error -8174:security library: bad database..
TLS: certificate '/etc/openldap/certs/testldap1cert.pem' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate
TLS: hostname (ldap2.example.net) does not match common name in certificate (ldap1.example.net).
TLS: can't connect: TLS error -8157:Certificate extension not found..
slap_client_connect: URI=ldaps://ldap2.example.net DN="cn=testsync,ou=roles,dc=example,dc=net" ldap_sasl_bind_s failed (-1)
do_syncrepl: rid=001 rc -1 retrying
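The "hostname (ldap2.example.net) does not match common name in certificate (ldap1.example.net)" line above is the consumer-side name check that every TLS client performs: the name the syncrepl client dials must appear in the certificate the peer presents, either as the Common Name of a legacy single-name certificate or, preferably, as a dNSName entry in the subjectAltName extension. The script below is an added example, not code from the thread or from OpenLDAP; it implements that matching rule over constructed certificate descriptions in the shape that Python's ssl.getpeercert() returns, so it runs offline. All function names (hostname_matches, check_mirror_pair) and the three sample certificate dicts are assumptions made for the illustration. It shows why a CN-only cert issued for ldap1 is rejected when ldap2 is dialled, and that a single certificate can legitimately serve both mirror partners as long as both names are listed in its SAN.

```python
"""Hostname-vs-certificate matching in the style of RFC 6125 section 6.4.

Constructed example (not from the mailing-list thread). The certificate
dicts below mimic the structure returned by ssl.SSLSocket.getpeercert()
so the matching logic can be exercised without any real certificate.
"""
from __future__ import annotations


def _dns_names(cert: dict) -> tuple[list[str], bool]:
    """Return (names to match, True if they came from a SAN).

    When a subjectAltName with dNSName entries is present the Common Name is
    ignored; the CN is only a fallback for legacy single-name certificates.
    """
    san = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san, True
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    return cns, False


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname, case-insensitively.

    A wildcard is honoured only as the entire left-most label ('*.example.net')
    and covers exactly one label: 'ldap2.example.net' matches, 'a.b.example.net'
    and 'example.net' do not.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    rest = pattern[2:]
    labels = hostname.split(".")
    return "*" not in rest and len(labels) >= 2 and ".".join(labels[1:]) == rest


def hostname_matches(cert: dict, hostname: str) -> tuple[bool, str]:
    """Return (ok, reason) describing whether `hostname` is covered by `cert`."""
    names, from_san = _dns_names(cert)
    source = "subjectAltName" if from_san else "commonName"
    if not names:
        return False, "certificate carries neither a dNSName SAN nor a CN"
    for name in names:
        if _name_matches(name, hostname):
            return True, f"'{hostname}' matches {source} '{name}'"
    return False, f"'{hostname}' does not match any {source} in {names}"


# Constructed stand-ins for the certificate choices the question weighs.
LDAP1_ONLY_CERT = {  # single-host self-signed cert: CN only, no SAN
    "subject": ((("commonName", "ldap1.example.net"),),),
}
SHARED_CERT = {  # one cert for both mirror partners: both names in the SAN
    "subject": ((("commonName", "ldap1.example.net"),),),
    "subjectAltName": (("DNS", "ldap1.example.net"), ("DNS", "ldap2.example.net")),
}
WILDCARD_CERT = {  # wildcard covering every single-label host under example.net
    "subject": ((("commonName", "*.example.net"),),),
    "subjectAltName": (("DNS", "*.example.net"),),
}


def check_mirror_pair(cert: dict,
                      hosts: tuple[str, ...] = ("ldap1.example.net", "ldap2.example.net")
                      ) -> dict[str, bool]:
    """Report whether one certificate would pass the name check for each host dialled."""
    return {h: hostname_matches(cert, h)[0] for h in hosts}


if __name__ == "__main__":
    for label, cert in (("CN-only ldap1 cert", LDAP1_ONLY_CERT),
                        ("shared SAN cert", SHARED_CERT),
                        ("wildcard cert", WILDCARD_CERT)):
        print(f"{label}: {check_mirror_pair(cert)}")
        print("  ldap2 check:", hostname_matches(cert, "ldap2.example.net")[1])
```

Whichever option is chosen (one shared certificate listing both hostnames in its SAN, or a separate certificate per server with each peer's certificate or issuing CA registered on the other side), the fix is to make the certificate presented by ldap2 carry the name ldap2.example.net; relaxing the consumer's certificate checking to silence the error would leave the replication channel open to an impersonated provider.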