[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl fails after upgrade to openldap 2.4.45

To: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Subject: Re: syncrepl fails after upgrade to openldap 2.4.45
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Thu, 29 Jun 2017 08:13:44 -0700
Cc: Juergen.Sprenger@swisscom.com, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <WM!272e76d479e53b74ae11abdb2a91415e02f8af8ba23bfd13858436967a784e66a85a6c28446ff42c9f0a4a22c9645c54!@mailstronghold-3.zmailcloud.com>
References: <a146956554c84b45bef9b9971741aebc@SG001738.corproot.net> <WM!83b92ebed934ebe68e0b1dc3ed2accc9cb98ac847bcfd9714b8b1e4b01031a374101e479b843c68909ce2ce76d79a653!@mailstronghold-2.zmailcloud.com> <4304E977C4D48D8E6E0E28CB@[192.168.1.30]> <d0ca020553594d2b94f80f62c1c71a9b@SG001738.corproot.net> <WM!3470a551096318d7efa891d2ba41b33a7f21387f45458615cdacf779605166fb54505bee8a911e1b6f88b8a3a79918ef!@mailstronghold-1.zmailcloud.com> <DAEF7F7C3CC886DD2709775B@[192.168.1.30]> <f4e35c590dc1467889eb73f2899b1fa3@SG001738.corproot.net> <WM!87b7759dc62e9dcffcfc469613f983941eeba143c0d4e7f7b6afbbb301e9a1026ec45a6fa0e21de2a689756fc211bdce!@mailstronghold-3.zmailcloud.com> <EB43C95A561D9851A1E7B2EA@[192.168.1.30]> <20170629150757.GC2797@slab.skills-1st.co.uk> <WM!272e76d479e53b74ae11abdb2a91415e02f8af8ba23bfd13858436967a784e66a85a6c28446ff42c9f0a4a22c9645c54!@mailstronghold-3.zmailcloud.com>

--On Thursday, June 29, 2017 5:07 PM +0100 Andrew Findlay<andrew.findlay@skills-1st.co.uk> wrote:

It seems that the CA cert was never referenced in the syncrepl clause, so
it would have dropped back to whatever TLS config was in the LDAP *client*
config file (probably /etc/ldap/ldap.conf). I seem to remember a change in
behaviour of OpenSSL libs a while ago where I was bitten by something
similar. Maybe Juergen's earlier setup used ldap.conf and the new one
is ignoring it?

Could be. My specific suggestion to him was to add a line for the CA.Instead, he added a line for the CA and the two additional lines for a cert& key (which would imply certificate authentication).


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- syncrepl fails after upgrade to openldap 2.4.45
  - From: <Juergen.Sprenger@swisscom.com>
- Re: syncrepl fails after upgrade to openldap 2.4.45
  - From: Quanah Gibson-Mount <quanah@symas.com>
- RE: syncrepl fails after upgrade to openldap 2.4.45
  - From: <Juergen.Sprenger@swisscom.com>
- RE: syncrepl fails after upgrade to openldap 2.4.45
  - From: Quanah Gibson-Mount <quanah@symas.com>
- RE: syncrepl fails after upgrade to openldap 2.4.45
  - From: <Juergen.Sprenger@swisscom.com>
- RE: syncrepl fails after upgrade to openldap 2.4.45
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: syncrepl fails after upgrade to openldap 2.4.45
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: syncrepl fails after upgrade to openldap 2.4.45
Next by Date: Re: mmr pair stops replicating: "consumer state is newer than provider"
Index(es):
- Chronological
- Thread