
Replication with slurpd - problems using TLS



Hi - I am in the process of trying to get replication working between a
master and one slave instance using slurpd.  I'm using Solaris 8, with the
padl pam and nss ldap modules - at this point just to let users authenticate
against ldap when they ssh in.  Replication works now without TLS, but if I
try turning it on it fails, and this is what I see show up in the slave's
log file:

May 23 10:03:08 wp-app3 slapd[2237]: [ID 733216 local4.debug] connection_read(12): TLS accept error error=-1 id=7, closing

slurpd isn't logging any .rej files when the updates fail to propagate, but
I do see the TLS errors from slapd.

Both master and slave are configured identically.  I can authenticate
against both with ssh using TLS.  It just seems to be broken now for some
reason with slurpd and replication.

Their slapd.conf files look like this for the new replication pieces:

master:
----------
replogfile      /opt/csw/var/openldap-slurp/replica/slapd.replog

replica       host=10.14.12.33:389
                suffix="dc=webtech,dc=com"
                binddn="cn=replica,dc=webtech,dc=com"
                credentials=secret
                bindmethod=simple
                # tls=yes   -> if I turn this on it breaks

slave:
-------
rootdn		"cn=replica,dc=webtech,dc=com"
rootpw		{crypt}JOEAfuddHpilE
updatedn	"cn=replica,dc=webtech,dc=com"
updateref	ldap://10.14.12.32

Has anyone gotten this to work with TLS?  Any tips or advice would be
greatly appreciated.  Also is it possible to make the "credentials" line on
the master not have a clear text password?   Thanks!

