[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl SSL fail

To: Josh Miller <joshua@itsecureadmin.com>, openldap-technical@openldap.org
Subject: Re: Syncrepl SSL fail
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Sat, 15 Oct 2011 19:23:29 -0700
Content-disposition: inline
In-reply-to: <2F29DB7B-BFFD-4004-951B-09EA3BF8429E@itsecureadmin.com>
References: <CAAoQnKjisqdHa0Pa8u5fjsUeNvJwY_fi6uJvs_T5U30ao+TG2w@mail.gmail.com> <53616BF91B701EAFA5521B0F@[192.168.1.23]> <2F29DB7B-BFFD-4004-951B-09EA3BF8429E@itsecureadmin.com>

--On October 13, 2011 10:43:55 AM -0700 Josh Miller<joshua@itsecureadmin.com> wrote:


On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:


I don't see any of the tls_* options to the syncrepl configuration here.
Likely the syncrepl client is unable to verify the master's cert.  I
would note that using refreshOnly is ill-advised.


Hi Quanah,

Why is RefreshOnly ill-advised?  That is the recommendation in the docs
(very timely as I just set this up again myself).

re:  http://www.openldap.org/doc/admin24/replication.html

The admin guide has examples, not recommendations. In any case, I fullyintend to change those examples to be refreshAndPersist so people stopdefaulting to refreshOnly. It is not always reliable, and yoursignificantly delay your replication by using it.


--Quanah


--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Syncrepl SSL fail
  - From: Howard Chu <hyc@symas.com>

References:
- Syncrepl SSL fail
  - From: Hugo Deprez <hugo.deprez@gmail.com>
- Re: Syncrepl SSL fail
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Syncrepl SSL fail
  - From: Josh Miller <joshua@itsecureadmin.com>

Prev by Date: Re: Adding new Indexes while the directory is running
Next by Date: Re: Adding new Indexes while the directory is running
Index(es):
- Chronological
- Thread