Re: TLS configuration with syncrepl

[Dieter Kluenter <dieter@dkluenter.de>]

Am Mon, 18 Jul 2011 21:05:48 +0530
schrieb Naga Chaitanya Palle <Naga.Chaitanya@aricent.com>:

> Hi,
> 
> I am configuring TLS for syncrepl. But the consumer is not reading
> any updates from the server. Without tls the configuration was
> working fine. Please let me know where I am going wrong
> 
> On client, my configuration files are as follows
> 
> slapd.conf
> access to attrs=userPassword
>       by self write
>       by users read
>       by anonymous auth
> 
> 
> access to attrs=shadowLastChange
>       by self write
>       by * auth
> 
> access to *
>       by * read
> 
> moduleload syncprov.la
> 
> syncrepl rid=124
>                 provider=ldaps://smalldevonly.comverse-in.com:389
>                 type=refreshOnly
>                 interval=00:00:01:00
>                 searchbase="dc=comverse-in,dc=com"
>                 filter="(objectClass=top)"
>                 scope=sub
>                 attrs="cn,uidNumber"
>                 schemachecking=off
>                 bindmethod=simple
>                 binddn="cn=Manager,dc=comverse-in,dc=com"
>                 credentials=sonora
> 
> updateref       ldaps://smalldevonly.comverse-in.com
[...]

There is a tls_cacert=<path> parameter missing in the syncrepl
statements.
Please note that syncrepl is a ldap client application and requires
appropriate client configuration parameters.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
sip: 7770535@sipgate.de 
http://www.daasi.de/ldapcon2011/
GPG Key ID:8EF7B6C6