Re: Single-master replication over TLS fails in 2.4.15
Craig Worgan wrote:
> Hi Howard,
> I actually thought that my certificate was bad, until I went back to 2.3
> with the same certificate and configuration and it worked fine. Quanah
> pointed out the new TLS-related syncrepl options which, when I added
> them to my config, fixed the problem. Thing is, I pointed the syncrepl
> options to the same certificate I am using for the TLS* server
> certificate directives. I am using a compound certificate, so my TLS-
> related config looks like this:
> ...
> TLSCertificateFile 0.pem
> TLSCACertificateFile 0.pem
> TLSCertificateKeyFile 0.pem

Combining the private and public elements of the certs into one file is not wise.

> ...
> syncrepl rid=983
> provider=ldaps://myhost.nortel.com:10636
> type=refreshAndPersist
> searchbase=dc=nortel,dc=com
> bindmethod=simple
> binddn=cn=someaccount,dc=nortel,dc=com
> credentials=secret
> retry="30 +"
> tls_cert=0.pem
> tls_cacert=0.pem
> tls_key=0.pem
> In 2.4, if you configure syncrepl over TLS and omit the new options,
> does OpenLDAP use the values that are configured for the server
> certificate settings (TLS*), if any?

That's already explicitly stated in the slapd.conf(5) manpage.

> If so, I'm confused as to why it
> failed for me originally.

I have no idea, it works for me.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
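Howard's point about the compound 0.pem, as an added example that is not part of the thread: a POSIX shell helper that splits such a bundle into separate key, certificate and CA files and prints the TLS* directives that would replace the three 0.pem references. The file names cert.pem, key.pem and ca.pem, and the assumption that the first certificate in the bundle is the server's, are mine; the PEM contents below are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example (not from the thread): split a compound PEM such as the
# 0.pem above into key, server-certificate and CA files, so the private key
# can be permission-restricted separately from the public material.
set -eu

split_pem() {
    in="$1"; dir="$2"
    mkdir -p "$dir"
    : > "$dir/cert.pem"; : > "$dir/ca.pem"   # exist even if the bundle lacks them
    # Private key block: PKCS#1 "RSA PRIVATE KEY", "EC PRIVATE KEY" or PKCS#8 "PRIVATE KEY"
    awk '/^-----BEGIN (RSA |EC )?PRIVATE KEY-----/ {p=1}
         p {print}
         /^-----END (RSA |EC )?PRIVATE KEY-----/ {p=0}' "$in" > "$dir/key.pem"
    # Assumption: the first certificate is the server cert, any others are its issuers
    awk -v d="$dir" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = (n == 1) ? d "/cert.pem" : d "/ca.pem"; p = 1 }
        p { print > out }
        /^-----END CERTIFICATE-----/ { p = 0 }' "$in"
    chmod 600 "$dir/key.pem"                 # only slapd's own user may read the key
    chmod 644 "$dir/cert.pem" "$dir/ca.pem"  # certificates are public material
}

# Count PEM blocks in a file (used to verify the split)
pem_blocks() { grep -c '^-----BEGIN ' "$1" || true; }

# Constructed bundle standing in for 0.pem: placeholder text, not real key material
write_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-SERVER-CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-ISSUER-CERT
-----END CERTIFICATE-----
EOF
}

# slapd.conf directives that replace the three 0.pem references in the thread
slapd_tls_fragment() {
    printf '%s\n' "TLSCertificateFile    $1/cert.pem" \
                  "TLSCertificateKeyFile $1/key.pem" \
                  "TLSCACertificateFile  $1/ca.pem"
}
```

The same three paths go into the syncrepl tls_cert, tls_key and tls_cacert options on the consumer side.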