[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Chaining

Jorge Medina wrote: 
I am trying to create a master-slave replication with chaining overlay
enabled in the slave to redirect writes request to the master.

I have it working using ldap:// but I have not been able to configure
the chain overlay using a secure connection ldaps:// (running on port
5636 on the master)

My master server do not require client certificates.,


I added the following lines:

overlay 		chain
chain-uri		"ldaps://masterldap.example.com:5636"
chain-idassert-bind  bindmethod="simple"
			   binddn="cn=Manager,dc=example,dc=com"
			   credentials="secret"
                     mode="self"
			   tls_cacert="/path/to/my/CA/cert.pem"
chain-return-error   TRUE


But I get "TLS negotiation failure" on the syslog

I am using ldaps:// for replication, but I can't configure it for
chaining


"There are very few chain overlay specific directives; however, directives related to the instances of the ldap backend that may be
implicitly instantiated by the overlay may assume a special meaning when used in conjunction with this overlay. They are described
in slapd-ldap(5), and they also need to be prefixed by chain-."

So have a read of man slapd-ldap for the tls statements.


--
Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.