Hi,
I am trying to upgrade from 2.3.42 to 2.4.15 and my setup uses
single-master replication over TLS. When I do the upgrade I have
noticed that replication fails. I have reproduced the problem in my
lab, using a single server and multiple slapd instances, and I get the
following error on the slave:

[root@otm-hp11 cnd]# ./slapd -f slapdSlave.conf -d sync -h "ldap://47.11.48.221:20389 ldaps://47.11.48.221:20636"
@(#) $OpenLDAP: slapd 2.4.15 (Feb 25 2009 22:27:30) $
worganc@otm-hp11:/home/worganc/openldap_build/openldap-2.4.15/servers/slapd
bdb_db_open: warning - no DB_CONFIG file found in directory /opt/nortel/cnd/slave-data: (2).
Expect poor performance for suffix "dc=Nortel,dc=com".
slapd starting
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
slap_client_connect: URI=ldaps://47.11.48.221:10636 DN="cn=replicationagent,ou=replication,dc=nortel,dc=com" ldap_sasl_bind_s failed (-1)
do_syncrepl: rid=983 retrying (4 retries left)

The corresponding trace on the master is:

TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.