[Date Prev][Date Next] [Chronological] [Thread] [Top]

updating from 2.4.20 to 2.4.22 breaks syncrepl/TLS

To: openldap-technical@openldap.org
Subject: updating from 2.4.20 to 2.4.22 breaks syncrepl/TLS
From: Thierry Lacoste <lacoste@u-pec.fr>
Date: Wed, 20 Oct 2010 17:13:44 +0200

Hello,

I have 2 CentOS 5.4 servers running OpenLDAP 2.4.20

installed from Buchan Milne's repository (openldap2.4-servers-2.4.20-1.el5).


The first server is a Sync Provider.
The second is a consumer with 'starttls=critical'.

I have no problem after 'yum update' of the master
(openldap2.4-servers-2.4.22-1.el5 is installed and replication is OK).

But after 'yum update' of the slave, syncrepl won't work anymorebecause of TLS failures.


Here are the logs on the master :

Oct 20 16:51:15 vcos-castor slapd2.4[20097]: @(#) $OpenLDAP: slapd2.4.22 (Apr 27 2010 12:04:27) $bgmilne@centos5-32.ranger.dnsalias.com:/home/bgmilne/rpm/BUILD/openldap-2.4.22/servers/slapd

Oct 20 16:51:15 vcos-castor slapd2.4[20098]: slapd starting

Oct 20 16:51:46 vcos-castor slapd2.4[20098]: conn=1000 fd=16 ACCEPTfrom IP=IP.OF.THE.SLAVE:46212 (IP=0.0.0.0:389)Oct 20 16:51:46 vcos-castor slapd2.4[20098]: conn=1000 op=0 EXToid=1.3.6.1.4.1.1466.20037

Oct 20 16:51:46 vcos-castor slapd2.4[20098]: conn=1000 op=0 STARTTLS

Oct 20 16:51:46 vcos-castor slapd2.4[20098]: conn=1000 op=0 RESULToid= err=0 text=Oct 20 16:51:46 vcos-castor slapd2.4[20098]: conn=1000 fd=16 closed(TLS negotiation failure)


Here are the logs on the slave :

Oct 20 16:51:45 vcos-pollux slapd2.4[1808]: @(#) $OpenLDAP: slapd2.4.22 (Apr 27 2010 12:04:27) $bgmilne@centos5-32.ranger.dnsalias.com:/home/bgmilne/rpm/BUILD/openldap-2.4.22/servers/slapd

Oct 20 16:51:45 vcos-pollux slapd2.4[1809]: slapd starting

Oct 20 16:51:45 vcos-pollux slapd2.4[1809]: slap_client_connect:URI=ldap://NAME_OF_THE_MASTER Error, ldap_start_tls failed (-11)Oct 20 16:51:45 vcos-pollux slapd2.4[1809]: do_syncrepl: rid=000 rc-11 retrying (4 retries left)


ldapsearch from the slave can do TLS :
$ ldapsearch -ZZ -x -h NAME_OF_THE_MASTER

This is ldapsearch from openldap-clients-2.3.43-12.el5_5.2 as packagedby CentOS


Any ideas on how to troubleshoot the problem?

Regards,
Thierry

PS : as a side note both servers are Xen VMs running on CentOS hosts.

Follow-Ups:
- Re: updating from 2.4.20 to 2.4.22 breaks syncrepl/TLS
  - From: Prentice Bisbal <prentice@ias.edu>
- Re: updating from 2.4.20 to 2.4.22 breaks syncrepl/TLS
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: Ldap , problems with getent passwd
Next by Date: Re: Ldap , problems with getent passwd
Index(es):
- Chronological
- Thread