RE: TLS slurpd fails
My suspicion (though I have nothing to point you towards to verify this with) is that the credentials for replication cannot be a hash of any sort. I've tried something similar and it works with a plain text password but not the same password hash used for the rootdn.
Jason
-----Original Message-----
From: Rick Blocker [mailto:rblocker@uchicago.edu]
Sent: Tuesday, July 23, 2002 3:47 PM
To: openldap-software@OpenLDAP.org
Subject: TLS slurpd fails
Hello,
I wonder if someone can help me. I'm having problems with secure
replication using TLS. slapd on the slave host will not accept
connections from slurpd using TLS even though an ldapsearch from the
same host using TLS is accepted. The logs on the slave host show a
seemingly generic error:
slapd[8896]: daemon: activity on 1 descriptors
slapd[8896]: daemon: new connection on 9
slapd[8896]: daemon: conn=27 fd=9 connection from IP=xxx.xxx.xxx.xxx:3278 (IP=0.0.0.0:31746) accepted.
slapd[8896]: daemon: added 9r
slapd[8896]: daemon: activity on:
slapd[8896]:
slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[8896]: daemon: activity on 1 descriptors
slapd[8896]: daemon: activity on:
slapd[8896]: 9r
slapd[8896]:
slapd[8896]: daemon: read activity on 9
slapd[8896]: connection_get(9)
slapd[8896]: connection_get(9): got connid=27
slapd[8896]: connection_read(9): checking for input on id=27
slapd[8896]: connection_read(9): TLS accept error error=-1 id=27, closing
slapd[8896]: connection_closing: readying conn=27 sd=9 for close
slapd[8896]: connection_close: conn=27 sd=9
slapd[8896]: daemon: removing 9
slapd[8896]: conn=-1 fd=9 closed
slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[8896]: daemon: activity on 1 descriptors
slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
My slapd.config file on the master host:
replica host=slavehost.something.org:636 tls=yes
        binddn="cn=admin,o=myorg,c=us"
        bindmethod=simple
        credentials={crypt}$1$gnKfjngh$iyxgvr77jgh6OsKlO63jfh
Does anyone have any ideas?
Best,
Rick
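
Added example, not part of the original thread or of OpenLDAP: a small parser that rejoins mail-wrapped slapd debug lines and pairs each "TLS accept error" with the peer address from the matching "connection from" record, using the conn=/id= number as it appears in the log above. The sample log is constructed in the same format with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted above; 192.0.2.x are documentation
# addresses. The conn=27 records are wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
slapd[8896]: daemon: conn=27 fd=9 connection from
IP=192.0.2.10:3278 (IP=0.0.0.0:31746) accepted.
slapd[8896]: connection_read(9): TLS accept error error=-1
id=27,
closing
slapd[8896]: daemon: conn=28 fd=10 connection from IP=192.0.2.20:4100 (IP=0.0.0.0:31746) accepted.
slapd[8896]: connection_read(10): checking for input on id=28
slapd[8896]: daemon: conn=29 fd=9 connection from IP=192.0.2.10:3290 (IP=0.0.0.0:31746) accepted.
slapd[8896]: connection_read(9): TLS accept error error=-1 id=29, closing
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=(\d+) connection from IP=([^\s:]+):(\d+)")
TLS_ERR_RE = re.compile(r"connection_read\((\d+)\): TLS accept error error=(-?\d+) id=(\d+)")

def unwrap(text):
    """Rejoin records: a line not starting with 'slapd[' continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("slapd[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def tls_accept_failures(text):
    """Return (connid, fd, peer_ip, peer_port, error) for each failed TLS accept."""
    peers = {}      # connid -> (ip, port), learned from the accept record
    failures = []
    for rec in unwrap(text):
        m = ACCEPT_RE.search(rec)
        if m:
            peers[int(m.group(1))] = (m.group(3), int(m.group(4)))
            continue
        m = TLS_ERR_RE.search(rec)
        if m:
            fd, err, connid = int(m.group(1)), int(m.group(2)), int(m.group(3))
            ip, port = peers.get(connid, ("unknown", 0))
            failures.append((connid, fd, ip, port, err))
    return failures

def failures_by_peer(text):
    """Count failed TLS accepts per client address."""
    return Counter(f[2] for f in tls_accept_failures(text))
```

Run over a slave's debug log, the per-peer count shows whether the failures come only from the master running slurpd or from other clients as well.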