Re: syncrepl not syncing [ CSN older or equal to ctx ]

[Duncan Brannen <dbb@st-andrews.ac.uk>]

Duncan Brannen wrote:
> I now have a different problem with the slave not recognising the 
> master's certificate
> TLS trace: SSL3 alert write:fatal:unknown CA
> I'm wondering if I've a mix of ssl libraries in there someplace (debug 
> looks like it's reading the correct directive and the other slaves 
> work so it's not openldap)
> There goes my afternoon ;)
>
>
> Cheers,
>           Duncan

In case anyone else has this problem and had the same chair/keyboard 
breakdown I had,

I'd overwritten my ldap.conf file when I reinstalled and syncrepl (on 
the client side at least) would seem to get it's
CA info from the /usr/local/etc/openldap/ldap.conf file rather than the 
TLSCACertificateFile option in slapd.conf

On a related note, while the man page still mentions starttls for 
syncrepl, the online admin guide doesn't 
http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl
Is this a hint to get people using sasl instead of simple?


Cheers,
         Duncan