Delta replication don't starts if consumer supports SSL?

To: openldap-technical@openldap.org

Subject: Delta replication don't starts if consumer supports SSL?

From: paler cryptkeeper <paler.cryptkeeper@gmail.com>

Date: Wed, 6 Feb 2013 18:33:06 -0200

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=GhGCN+Kb9UvPEQ3ZckLouCE7Px+m8lU9ouicNSeH/AU=; b=WVNr8JtF6Rlk6SEj/8UfJrx9j5FXqBKRGplKbs0BxUOu0sSAZKM2PTA4S6i7r5hyXX f8jioeq7gQzUJR+gTdhIJhQC4kGHhu1bHvaPK1rgKwlneC6plS9P36ElsJrQT8bugjnP 2Yz30i9W8qeKLDQs9iyYov9ljXKkaGU0KKNadcWoyfC1YFr1JMDKYJ5fZFdO+GQVNW/Z VheJuDhp38/RFflBu3B0yQdEt+SMHNLWQdEYByO0O5fab8OyiG4+s01VhbGsEZcds01o FvUhyTEb0cP6fGctvnCV5c0Qc+PCnDU/qvO1hJbuKJFT5GQcBsjXWSrw4TSXy27o1WlS 0CCg==

Hi.

Today I had to set up two OpenLDAP instances (2.4.33), with delta replication under SSL/TLS, something pretty common, I think.

The installation (from source), initializing and TLS support setup went fine, and both, provider and consumer, started up without problems, and searches did well on both, with ldapd and ldaps. However, the replication never started. After a while (almost 2.5 hours!! and so many slapd.conf files..) I tried to start the consumer without ldaps support, only ldap, and the replication started perfectly! Is this normal? Could be something with the config? The only thing that changed between a not working state and a working one was that if 'slapd -d 256 -h "ldap:/// ldaps:///"' was used, replication didn't start, and with only 'slapd -d 256' the replication started normally.. I repeat that with the first option, beside replication, everything else worked fine, even searches using ldaps..

It's something I could not explain to or customer.. can someone explain it to me? :)

Thanks!