[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl SSL fail

To: Hugo Deprez <hugo.deprez@gmail.com>
Subject: Re: Syncrepl SSL fail
From: Nick Milas <nick@eurobjects.com>
Date: Sat, 15 Oct 2011 11:03:46 +0300
Cc: openldap-technical@openldap.org
In-reply-to: <CAAoQnKjZ70YYAmfUTy78FnoLD7Tu=qjHgdO0cg8aUHC170Eh3Q@mail.gmail.com>
References: <CAAoQnKjisqdHa0Pa8u5fjsUeNvJwY_fi6uJvs_T5U30ao+TG2w@mail.gmail.com> <CA+5QeXT80gVNR1ui6bMBribdQd3CqtR6TQh1Ms2aOPsYLFhmDg@mail.gmail.com> <CAAoQnKjZ70YYAmfUTy78FnoLD7Tu=qjHgdO0cg8aUHC170Eh3Q@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

On 14/10/2011 4:10 ÎÎ, Hugo Deprez wrote:

I don't understand why it is failing as a single ldapsearch from the
same server with the syncrepl user is working.


I had exactly the same problem.

Following directions from:http://blaoism.blogspot.com/2010/05/ldapsaslbinds-failed.html, I addedtls_reqcert=never to syncrepl directives on the consumer, and thissolved the problem.


You may want to see my case here: http://tools.lsc-project.org/issues/328

Here is my setup on the consumer:

# Consumer Sync
syncrepl rid=333
provider=ldaps://ldap.example.com
tls_reqcert=never
type=refreshAndPersist
retry="60 +"
searchbase="dc=example,dc=com"
schemachecking=off
bindmethod=simple
binddn="uid=dnsauthusr,ou=System,dc=example,dc=com"
credentials="mypassword"

I hope that helps.

Nick

References:
- Syncrepl SSL fail
  - From: Hugo Deprez <hugo.deprez@gmail.com>
- Re: Syncrepl SSL fail
  - From: Hugo Deprez <hugo.deprez@gmail.com>

Prev by Date: Re: adding monitor to cn=config on already running slapd
Next by Date: FW: Request for Support to Create new Object Class in OpenLDAP
Index(es):
- Chronological
- Thread