[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl 2.4 issue from 2.3 master



On Fri, Sep 18, 2009 at 11:31 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> Read the 2.4 Admin guide to start, the TLS options for syncrepl are now part
> of the syncrepl stanza.  You will want to configure it there.

Hello, quick one about this, i read this page:
http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl
The part I am wondering about is this: "by default the TLS parameters
from a ldap.conf(5) configuration file will be used. TLS settings may
be specified here, in which case any ldap.conf(5) settings will be
completely ignored"

So i do have a valid /etc/ldap.conf which contains references to TLS
cert and stuff, why do i need more settings in slapd.conf? Reason I am
asking is when i add this, in the syncrepl section, it fails saying
unknown directive:

[starttls=yes|critical]
[tls_cacert=<file>]

For info, this is my ldap.conf:

BASE         dc=example, dc=com
URI          ldaps://masterldap.example.com:636/
TLS_CACERT /etc/ldap/cert/cacert.pem
TLS_REQCERT  demand

Cheers,
Steph