Re: Multimaster SASL/EXTERNAL (TLS client cert) error
----- "Gémes Géza" <geza@kzsdabas.hu> wrote:
> Hi everyone!
>
> I've set up two test ldap servers (2.4.10) with multimaster replication.
> With simple binds it is working well.
> I've set up a client certificate (everything CA signed, no self-signing ;-) )
> to use with SASL/EXTERNAL authentication.
> Using olcAuthzRegexp I've mapped it to the rootdn of the cn=config backend,
> set up a .ldaprc file and with:
> su -c '/usr/bin/ldapwhoami' openldap -s /bin/sh
> (I'm running slapd as openldap user and group)
> I get:
> SASL/EXTERNAL authentication started
> SASL username: cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
> SASL SSF: 0
> dn:cn=config
> just like expected (ldapsearch and friends are also working on both sides and cross).
> Just to be sure I've exported the LDAPCONF variable in the slapd startup script.
> But syncrepl doesn't work!
> On the logs (olcLogLevel=-1):
> slap_client_connect: URI=ldaps://first-or-second-ldap-server
> ldap_sasl_interactive_bind_s failed (-6)
> connection_read(20): unable to get TLS client DN, error=49 id=23
Are you trying to StartTLS on an SSL (ldaps://) connection? That won't work.
--
Kind Regards,
Gavin Henry.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
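To make the configuration the reply asks about concrete, here is an added LDIF example (not from either poster) showing a cn=config syncrepl stanza that requests StartTLS on an ldaps:// provider next to two corrected forms, plus the olcAuthzRegexp mapping that the original post already had working. Hostnames, rid, retry schedule and certificate paths are placeholders; the certificate subject DN is the one ldapwhoami printed in the post.

```ldif
# Added example, not from the thread. Hostnames, rid, retry values and
# certificate paths are placeholders.

# --- Mis-configured: ldaps:// negotiates TLS at connect time, so asking for
# StartTLS on the same session fails, and with starttls=critical the SASL
# bind never happens (matches the failed ldap_sasl_interactive_bind_s).
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.example.com
  type=refreshAndPersist retry="5 5 300 +" searchbase="cn=config"
  bindmethod=sasl saslmech=EXTERNAL starttls=critical
  tls_cert=/etc/ldap/certs/syncrepl.crt tls_key=/etc/ldap/certs/syncrepl.key
  tls_cacert=/etc/ldap/certs/ca.crt tls_reqcert=demand

# --- Corrected, option A: keep ldaps:// and drop the starttls= keyword.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.example.com
  type=refreshAndPersist retry="5 5 300 +" searchbase="cn=config"
  bindmethod=sasl saslmech=EXTERNAL
  tls_cert=/etc/ldap/certs/syncrepl.crt tls_key=/etc/ldap/certs/syncrepl.key
  tls_cacert=/etc/ldap/certs/ca.crt tls_reqcert=demand

# --- Corrected, option B: plain ldap:// with StartTLS required before the
# bind, so the client certificate is still presented and mapped.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=ldap://ldap1.example.com
  type=refreshAndPersist retry="5 5 300 +" searchbase="cn=config"
  bindmethod=sasl saslmech=EXTERNAL starttls=critical
  tls_cert=/etc/ldap/certs/syncrepl.crt tls_key=/etc/ldap/certs/syncrepl.key
  tls_cacert=/etc/ldap/certs/ca.crt tls_reqcert=demand

# --- Mapping of the certificate subject DN to the cn=config rootdn; the
# match must equal the "SASL username" string that ldapwhoami reports.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"^cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU$" "cn=config"
```

In a multimaster pair the mirror of this stanza (pointing at the other server, with a distinct rid) goes on the second node; the tls_* keywords are needed on the consumer side because slapd's syncrepl client does not read .ldaprc.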