
Re: problems setting up replication server



Andrew Higginbotham wrote:
Hi,

I am trying to set up a replication server using OpenLDAP-2.3.27. I have set it up (detailed below) and I get on the slave

TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:580

What is really strange is that I can log on and make manual modifications to the slave from the master as the replication user with the password specified
in slapd.conf (yes, over tls!).


I was thinking it might be because of differing ssl versions, but I tried
switching to SSLv3 in the config file and it had no effect.

Does anyone have some tips that would help me additionally debug this problem or get an idea of where the failure is?

// Relevant config file lines on master
replica host=<<hostname>>:636
        binddn="cn=replicator,dc=hmc,dc=edu"
        tls=yes
        bindmethod=simple
        credentials=<<password>>

If you're using port 636 then you're most likely using ldaps. You need to use an ldaps:// uri here, not the host/tls options.

// Relevant config lines on slave
TLSCipherSuite HIGH:MEDIUM:+SSLv3

updatedn        "cn=replicator,dc=hmc,dc=edu"
updateref       ldaps://<<ref>>


Thanks, Andrew




--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
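
The mismatch described in the reply can be checked for mechanically. The following is an added example, not part of the original thread or of OpenLDAP: a small lint for slapd.conf `replica` stanzas that combine `host=<name>:636` with a StartTLS option, where StartTLS opens in plaintext LDAP while an ldaps listener expects a TLS handshake first. Assumptions: the `uri=` and `starttls=` keyword spellings follow slapd.conf(5) as I recall it (only `tls=` appears in the post), and the host name and password in the sample are constructed placeholders.

```python
import re

# Constructed sample modelled on the master's stanza quoted in the thread;
# host name and credentials are placeholders.
SAMPLE_CONF = """\
# master slapd.conf (constructed sample)
replica host=slave.example.org:636
        binddn="cn=replicator,dc=hmc,dc=edu"
        tls=yes
        bindmethod=simple
        credentials=PLACEHOLDER
"""

LDAPS_PORT = "636"  # conventional ldaps:// port


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the previous directive."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def check_replicas(text):
    """Return (host, suggested option) for replicas using StartTLS on the ldaps port."""
    findings = []
    for line in logical_lines(text):
        if not line.lower().startswith("replica "):
            continue
        pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
        opts = {key.lower(): value for key, value in pairs}
        host = opts.get("host", "")
        # tls= is the option shown in the post; starttls= is an assumed synonym.
        starttls = opts.get("tls") or opts.get("starttls")
        if host.endswith(":" + LDAPS_PORT) and starttls:
            findings.append((host, "uri=ldaps://" + host))
    return findings


if __name__ == "__main__":
    for host, fix in check_replicas(SAMPLE_CONF):
        print("replica %s: StartTLS on ldaps port; use %s and drop tls=" % (host, fix))
```
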