On 19/07/12 2:36 AM, Gavin Henry wrote:
Thanks for that, in the end I gave up on TLS and just used SSL. Later when I try again, it'll be after upgrading both the provider and the consumer to the same versions. For now I'm using:TLS: can't accept: A record packet with illegal version was received.. connection_read(16): TLS accept failure error=-1 id=1001, closing The master runs Ubuntu 10.04.4 LTS and slapd @(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:18:58) $ buildd@roseapple:/build/buildd/openldap-2.4.21/debian/build/servers/slapd I'm wondering do I need to upgrade the master (slave is Ubuntu 12.04), could this be related to the version of slapd or gnutls?Check out: man slapd-ldap as slapo-chain uses that which has the same tls settings as slapd. Thanks.
chain-uri "ldaps://provider.example.com" . . chain-tls ldaps . . . . updateref "ldaps://provider.example.com/" Regards, Warren.