I'm trying to move my OpenLDAP MMR configuration from RHEL 6.5 (OpenLDAP 2.4.23) to RHEL 6.7 (OpenLDAP 2.4.40). On RHEL 6.5 it is working with no problems. On RHEL 6.7, the configuration causes "ldapsearch -ZZ" to hang indefinitely.
The cn=config section in slapd.conf looks like this:
# sync provider configuration
filter="(|(objectClass=olcDatabaseConfig)(objectClass=olcOverlayConfig))"
bindmethod=sasl saslmech=EXTERNAL starttls=critical
tls_cert=/etc/openldap/csa-certs/config.crt
tls_key=/etc/openldap/csa-certs/config.key
tls_cacert=/etc/openldap/csa-certs/cacert.pem
filter="(|(objectClass=olcDatabaseConfig)(objectClass=olcOverlayConfig))"
bindmethod=sasl saslmech=EXTERNAL starttls=critical
tls_cert=/etc/openldap/csa-certs/config.crt
tls_key=/etc/openldap/csa-certs/config.key
tls_cacert=/etc/openldap/csa-certs/cacert.pem
If I comment out that section in slapd.conf then "ldapsearch -ZZ" works but (obviously) I don't get cn=config replication.
Am I doing something wrong in the configuration? Is it a fluke that it is working on 2.4.23 in the first place? Or does anyone know what may have changed (or is more strict or whatever) in the 2.4.40 release?
Should I try to just remove RHEL's version of OpenLDAP and install the latest from openldap.org instead?
Any assistance is highly appreciated!