[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP syncrepl over SSL

To: openldap-technical@openldap.org
Subject: OpenLDAP syncrepl over SSL
From: Tony Davis <tony@specialistdevelopment.com>
Date: Wed, 31 Jul 2013 11:36:25 +0100

Hi,

I wonder if anyone can help me with a question I have regarding an openldap setup on Redhat / Centos 5.8 using openldap-2.3.43.

I am trying to setup replication, I have set this up using the simple bind method, which stores a password for the replication in the config. (This works) but I wondered if there was a way to have this replication take place using ssl certificates without the need to store the unhashed password in the slapd.conf? Is this possible? or do I still have to specify a replication user and pass, but all the auth takes place over ssl?

This is my current config for replication:

syncrepl rid=001
provider=ldap://master01.tld
type=refreshAndPersist
interval=00:00:05:00
retry="5 5 300 +"
searchbase="dc=tld"
attrs="*,+"
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/master02.tld.pem
tls_key=/etc/master02.tld.key
tls_cacert=/etc/openldap/cacerts/ca.pem
tls_reqcert=demand
starttls=yes

mirrormode on
updateref ldap://master01.tld

but in the replication log i get the following:

Jul 31 11:06:18 master02 slapd[6958]: do_syncrep1: rid 001 ldap_sasl_interactive_bind_s failed (7)
Jul 31 11:06:18 master02 slapd[6958]: do_syncrepl: rid 001 retrying (3 retries left)
Jul 31 11:06:18 master02 slapd[6958]: daemon: activity on 1 descriptor
Jul 31 11:06:18 master02 slapd[6958]: daemon: activity on:

Follow-Ups:
- Re: OpenLDAP syncrepl over SSL
  - From: Patrick Lists <openldap-list@puzzled.xs4all.nl>
- Re: OpenLDAP syncrepl over SSL
  - From: btb <btb@bitrate.net>

Prev by Date: ldap_sasl_bind doesn't fail with wrong credentials
Next by Date: Re: OpenLDAP syncrepl over SSL
Index(es):
- Chronological
- Thread