
Re: SSL + Replica



At 04:13 AM 9/10/2004, Andreas Zimmermann wrote:
>On Thursday, 9 September 2004 19:18 you wrote:
>> At 09:55 AM 9/9/2004, Quanah Gibson-Mount wrote:
>> >--On Thursday, September 09, 2004 2:09 PM +0200 Andreas Zimmermann <And.Zimmermann@web.de> wrote:
>> >>Hi everybody!
>> >>I've got a problem using tls for replication.
>> >>First of all I've set up 2 hosts with openldap and tls. Both work
>> >>fine. Now I'm stuck setting up replica via tls. I've added those lines on
>> >>master:
>> >>
>> >>replica host=rincewind.octo-soft.de:636
>> >>binddn="cn=Manager,o=OctoSoft,dc=de"
>> >>bindmethod=simple credentials=secret
>> >>
>> >>and slurpd is starting up too.
>> >>When I start ldap on master the following lines appear in replica's log:
>> >>Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 ACCEPT from
>> >>IP=192.168.42.11:1988 (IP=:: 636)
>> >>Sep  9 14:02:29 rincewind slapd[15158]: conn=17 fd=7 closed
>> >
>> >This looks like you are using SSL, not TLS.  Which one do you want?
>>
>> SSL == TLS.
>>
>> The problem here is that the user didn't select a mechanism
>> to establish TLS (SSL).  That is, neither selected Start TLS nor
>> ldaps://.
>
>Yes, exactly there was the problem. 
>Is there a solution for adding new users into ldap via the adduser/useradd 
>script?

I don't see how either would have an impact on whether
slurpd used TLS (SSL).

>And I get a strange error on replica when I want to add a new user.

Nothing to do with slurpd and TLS.  This error implies another
misconfiguration of the slave server or the client.  The
updatedn is generally reserved for slurpd use and you apparently
are using otherwise.  See updatedn/rootdn discussions in
slapd.conf(5) and the Admin Guide.

Kurt
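
The check discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: a small audit that reads `replica` directives from slapd.conf text and reports whether each one selects a TLS mechanism (an `ldaps://` URI or Start TLS). The `uri=`, `starttls=` and older `tls=` keyword names are assumptions taken from slapd.conf(5) of that era, so check the man page of your release; the `example.com` entries are constructed.

```python
import re

# Constructed sample; the first directive mirrors the one quoted in the thread.
# slapd.conf continuation lines begin with whitespace.
SAMPLE = """\
replica host=rincewind.octo-soft.de:636
    binddn="cn=Manager,o=OctoSoft,dc=de"
    bindmethod=simple credentials=secret

replica uri=ldaps://replica1.example.com:636
    binddn="cn=Replicator,dc=example,dc=com"
    bindmethod=simple credentials=secret
replica host=replica2.example.com:389 starttls=critical
    binddn="cn=Replicator,dc=example,dc=com"
    bindmethod=simple credentials=secret
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(text):
    """Return (target, mechanism) per replica; mechanism is None if no TLS is selected."""
    results = []
    for line in logical_lines(text):
        if not re.match(r"replica\s", line, re.I):
            continue
        pairs = re.finditer(r'(\w+)=("[^"]*"|\S+)', line)
        kv = {m.group(1).lower(): m.group(2).strip('"') for m in pairs}
        target = kv.get("uri") or kv.get("host", "?")
        if target.lower().startswith("ldaps://"):
            mech = "ldaps"
        elif kv.get("starttls", kv.get("tls", "")).lower() in ("yes", "critical"):
            mech = "starttls"
        else:
            mech = None  # naming port 636 in host= does not select TLS by itself
        results.append((target, mech))
    return results

if __name__ == "__main__":
    for target, mech in audit_replicas(SAMPLE):
        print(f"{target}: {mech or 'no TLS mechanism selected'}")
```
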