--On October 13, 2011 10:43:55 AM -0700 Josh Miller
<joshua@itsecureadmin.com> wrote:
On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:
I don't see any of the tls_* options to the syncrepl configuration here.
Likely the syncrepl client is unable to verify the master's cert. I
would note that using refreshOnly is ill-advised.
Hi Quanah,
Why is RefreshOnly ill-advised? That is the recommendation in the docs
(very timely as I just set this up again myself).
re: http://www.openldap.org/doc/admin24/replication.html
The admin guide has examples, not recommendations. In any case, I fully
intend to change those examples to be refreshAndPersist so people stop
defaulting to refreshOnly. It is not always reliable, and your
significantly delay your replication by using it.