RE: [EXTERNAL] Re: back-ldap and ldaps not working
--On Friday, July 07, 2017 8:10 PM +0000 Jon C Kidder <jckidder@aep.com>
wrote:
> I've removed the starttls=no syntax and the line now reads.
>
> olcDbStartTLS: ldaps
> tls_cacert="/appl/openldap/etc/openldap/tls/cacerts.cer "
> tls_reqcert=demand tls_crlcheck=none
>
> I have verified the change propagated to the configuration directory and
> restarted the instance. I saw no errors during configuration parsing in
> the log. I am still seeing this error when the chain overlay tries to
> follow the referral but no complaints when syncrepl connects.

I'm not sure how you do this with cn=config. With slapd.conf, it would be
done via using "chain-tls" and not "tls", as per the man page:

    There are very few chain overlay specific directives; however,
    directives related to the instances of the ldap backend that may be
    implicitly instantiated by the overlay may assume a special meaning
    when used in conjunction with this overlay. They are described in
    slapd-ldap(5), and they also need to be prefixed by chain-.

It may be worthwhile to set up a slapd.conf where "chain-tls" is specified,
and see what happens with that on conversion.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
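
An added example, not part of the original message and not taken from the poster's configuration: a slapd.conf fragment in the form the reply suggests, with the TLS settings from the quoted line given to a chain-tls directive. The URI, bind DN and credentials are placeholders chosen for illustration.

```conf
# Constructed example: chain overlay in the global section of slapd.conf.
# Host name, bind DN and password are placeholders, not values from the thread.
overlay             chain
chain-uri           "ldaps://master.example.com"
chain-idassert-bind bindmethod="simple"
                    binddn="cn=chain,dc=example,dc=com"
                    credentials="<secret>"
                    mode="self"
# The slapd-ldap(5) "tls" directive, carrying the chain- prefix the overlay
# requires. With tls_reqcert=demand the chained connection is dropped unless
# the server certificate validates against tls_cacert.
chain-tls           ldaps
                    tls_cacert="/appl/openldap/etc/openldap/tls/cacerts.cer"
                    tls_reqcert=demand
                    tls_crlcheck=none
chain-return-error  TRUE
```

Converting this file with `slaptest -f slapd.conf -F <output directory>` and searching the generated LDIF for `olcDbStartTLS` shows how the directive is represented under cn=config.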