[Date Prev][Date Next] [Chronological] [Thread] [Top]

Syncrepl with SASL External - SOLVED

To: openldap-software@openldap.org
Subject: Syncrepl with SASL External - SOLVED
From: Angela Gavazzi <edv@goetheanum.ch>
Date: Tue, 6 Mar 2007 17:14:04 +0100
Content-disposition: inline
Organization: Allgemeine Anthroposophische Gesellschaft
User-agent: KMail/1.9.1

I found out that the problem was double encrypting of the connection:

It works now if I set TLSVerifyClient to max. allow on the consumer side.
All stronger configurations end in:
CA unknown.


Thanks anyway

Angela


Here the concerning parts of the slapd.conf:
*****************************************************************
master:
...

...
TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/erde.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/erde.aag_key.pem

TLSVerifyClient         demand

*****************************************************************
 slave:


TLSCACertificateFile    /etc/ldap/certs/cacert.pem
TLSCACertificatePath    /etc/ldap/certs
TLSCertificateFile      /etc/ldap/certs/mond.aag_cert.pem
TLSCertificateKeyFile   /etc/ldap/certs/mond.aag_key.pem

##################
TLSVerifyClient         demand
##################

This has to be set to max allow.

Follow-Ups:
- Re: Syncrepl with SASL External - SOLVED
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: RE: LDAP/BDB log purging
Next by Date: syncrepl updates from consumer
Index(es):
- Chronological
- Thread