[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Cannot re-enable synchronization

To: openldap-technical@openldap.org
Subject: Re: Cannot re-enable synchronization
From: Olivier Nicole <olivier2553@gmail.com>
Date: Wed, 11 May 2016 13:13:22 +0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=vWdBrMEldveB4u8gkPxR4ysu7aLYSKNNMEoO3U20IdY=; b=yQ2Yf37a++CecZzbUXcoEffT0Vc26fR9GJ/B9DLIVxjpxu6HDUnVAWZQqpOOSB+tYn ibRNyhKuhwTbnIIzsMCMMGOKxgNTNhkm4/ouSAxCT4oitBMTn89D/IwPQ6vGKWe10BPi nbymZohCORSY7v1T80CPGTzSGErIxQmOLyqWU1JdlW0i6VuljJXNMwolSENUcY7X2GFz SPd7CkU3I/kT8XFwjghjTXzQKj/v283ojKjcKaxjptPkGvbpIHz1qF0bqf8VUonSspFh VeOrpTu+urvWU4kH1A2XmqswTgi1HqzpOy7ghLSSdZ/UsqWRV/2xoaLF1K2v2m8yFPRu waeQ==
In-reply-to: <CA+g+BvjQ7VqFXPdGVUSQnw=oP5dBo0WRQHe-Vvf2idjNPLfHYQ@mail.gmail.com>
References: <CA+g+BvjQ7VqFXPdGVUSQnw=oP5dBo0WRQHe-Vvf2idjNPLfHYQ@mail.gmail.com>

Hi,

On Monday I had a major issue, my root CA (for all my encryption)
expired, so my LDAP server number 1 became inaccessible.

I have a server number 2, running from another root certificate, that
did not expire and that was properly replicating from the server
number 1, using:

syncrepl    rid=0
              provider=ldaps://ldap server 1/
              type=refreshAndPersist
              bindmethod=simple
              binddn=cn=Manager,dc=xxx
              credentials="XXX"
              searchbase=dc=xxx
              tls_reqcert=try
              starttls=yes
              retry="60 10 300 +"

But since I updated the root certificate on server 1, I cannot get the
replication.

I can still ldapsearch from server 2 to server 1.

In the log of server 1 I see a proper connection, but I don't know how
to further debug the replication.

Best regards,

Olivier

Prev by Date: Re: ldap user login attempt kills slapd service
Next by Date: Re: ldap user login attempt kills slapd service
Index(es):
- Chronological
- Thread