[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication problem using synrepl with TLS (Starttls)

To: openldap-software@openldap.org
Subject: Replication problem using synrepl with TLS (Starttls)
From: Germain Maurice <germain.maurice@linkfluence.net>
Date: Tue, 02 Feb 2010 15:21:11 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Hi everybody,

I use replication between my openldap provider and an openldap consumer,i use syncrepl over TLS connection.I managed to make it working... but now, it doesn't want to work. I justhave done a reboot on the consumer and the replication does not want towork again.


Here is the log line i get :

slap_client_connect: URI=ldaps://provider.mydomain.net DN="cn=syncrepl,dc=mydomain.net" ldap_sasl_bind_s failed (-1)

My openldap servers use cn=config directives, on my consumer i have this :

olcSyncrepl: {0}rid=000 provider=*ldap://provider.mydomain.net*
searchbase=dc=mydomain.net
bindmethod=simple
binddn=cn=syncrepl,dc=mydomain.net
credentials=XXXXX
retry="60 +"
type=refreshOnly
interval=00:00:10:00
starttls=yes
tls_cert=/etc/ssl/certs/ca-cert.pem
tls_cacert=/etc/ssl/certs/ca-cert.pem
tls_key=/etc/ssl/private/ca-key.pem


If you want see more of my configuration have a look to my blog :
http://erralt.wordpress.com/2010/01/19/openldap-syncrepl-via-tls-ssl/

Any idea on this error ?

ldap_sasl_bind_s failed (-1)

Thank you
Best regards

--
Germain Maurice
Administrateur Système
Tel : +33.(0)1.42.43.64.13

**linkfluence news & events**
2009 excellence award nominee from ESOMAR
2009 marketing research silver award from semo & marketing magazine (France)
2009 european excellence award recipient (PR evaluation, wahlradar.de, joint project with Publicis Consultants)

Prev by Date: Can ldap backend strip paged result critial extension?
Next by Date: simple bind with external Kerberos V password store
Index(es):
- Chronological
- Thread