Sync Replication via TLS/SSL - get bind err
I have set up sync replication on two OpenLDAP servers. I have it
successfully working via ldap://:389
I then set up TLS for SSL connections. I used a self-signed cert
(using the OpenLDAP how-to) as well as a CA-signed cert from
cacert.org. I've set up the ca.crt in the ldap.conf file on both the
master and slave. I've also set up the ca.cert in the TLS for the
master server that the sync repl host connects to.
I've tested the cert with a connection via ldap -Z and -d debug option
and seen that the cert appears to be validated.
So, when I turn on ldaps:// for the syncrepl section of the slave
server, and use port 389, I get a bind error:
Dec 20 11:01:43 IdP slapd[11717]: do_syncrep1: rid 123
ldap_sasl_bind_s failed (-1)
Dec 20 11:01:43 IdP slapd[11717]: do_syncrepl: rid 123 quitting
which suggests that the connection could not be made on port 389 via
TLS. I can't figure out how to tell the repl connection to send a
certificate. Do I have to setup a user in LDAP with a cert? Do I
put a client cert into the syncrepl section of the slapd.conf file on
the slave? Please advise.
Thanks
Sellers
|----------------------------------------------------------------------|
Chris G. Sellers, MLS Lead Internet Engineer
National Institute for Technology & Liberal Education
535 West William Street, Ann Arbor, Michigan 48103
chris.sellers@nitle.org 734.661.2318
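A configuration check for the kind of setup described in the post, added here as example code that is not from this thread or from the OpenLDAP project: it reads a constructed slapd.conf, joins the whitespace-continued syncrepl directive, and reports TLS settings that will not do what the operator expects, such as an ldaps:// provider URI aimed at port 389 (a port that conventionally serves plain LDAP with optional StartTLS rather than implicit TLS), an ldap:// URI with no starttls=critical, or a client certificate given without its key. The directive keywords (provider, starttls, tls_reqcert, tls_cert, tls_key) are those documented in slapd.conf(5) for OpenLDAP 2.4 and later; the hostnames, DNs and paths in the sample are made up.

```python
"""Lint the syncrepl directive(s) in a slapd.conf for common TLS mistakes."""
import shlex
from urllib.parse import urlsplit

# Constructed sample consumer config: the provider URI says ldaps:// but
# points at port 389, which is the mismatch this linter is meant to catch.
SAMPLE_CONF = """\
database bdb
suffix "dc=example,dc=org"
syncrepl rid=123
        provider=ldaps://ldap-master.example.org:389
        type=refreshAndPersist
        searchbase="dc=example,dc=org"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=org"
        credentials=secret
        tls_reqcert=demand
updateref ldap://ldap-master.example.org
"""


def syncrepl_directives(conf_text):
    """Return each syncrepl directive as a dict of keyword -> value.

    slapd.conf continues a directive on lines that begin with whitespace,
    so those lines are joined onto the preceding logical line before the
    directive is tokenised; shlex.split handles the quoted values.
    """
    logical, current = [], None
    for raw in conf_text.splitlines():
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                logical.append(current)
            current = raw.rstrip()
    if current is not None:
        logical.append(current)

    directives = []
    for line in logical:
        if line.startswith("syncrepl"):
            params = {}
            for token in shlex.split(line)[1:]:
                key, _, value = token.partition("=")
                params[key.lower()] = value
            directives.append(params)
    return directives


def lint_syncrepl(params):
    """Return a list of findings (strings) for one parsed syncrepl directive."""
    findings = []
    uri = urlsplit(params.get("provider", ""))
    scheme, port = uri.scheme.lower(), uri.port
    starttls = params.get("starttls", "").lower()
    reqcert = params.get("tls_reqcert", "").lower()
    has_tls = scheme == "ldaps" or starttls in ("yes", "critical")

    if scheme == "ldaps" and port == 389:
        findings.append("ldaps:// with port 389: ldaps expects TLS from the first byte "
                        "(conventionally port 636); port 389 is plain LDAP, with "
                        "StartTLS requested via starttls=critical on an ldap:// URI")
    if scheme == "ldap" and not has_tls:
        findings.append("ldap:// without starttls=critical: the bind credentials and "
                        "the replicated entries cross the network in clear")
    if starttls == "yes":
        findings.append("starttls=yes is best-effort: if StartTLS fails the session "
                        "continues in clear; use starttls=critical")
    if has_tls and reqcert in ("never", "allow", "try"):
        findings.append("tls_reqcert=%s disables or weakens verification of the "
                        "provider certificate; use tls_reqcert=demand" % reqcert)
    if ("tls_cert" in params) != ("tls_key" in params):
        findings.append("tls_cert and tls_key must be given together for the consumer "
                        "to present a client certificate")
    return findings


if __name__ == "__main__":
    for directive in syncrepl_directives(SAMPLE_CONF):
        print("rid", directive.get("rid"), "->", lint_syncrepl(directive) or ["ok"])
```

The linter deliberately only flags tls_reqcert when it is set to a weaker value than demand, so it does not second-guess slapd's own default; run it against the consumer's slapd.conf before restarting slapd, and fix every finding rather than the first one, since a port/scheme mismatch and a missing client certificate produce the same generic bind failure in the log.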