Re: Cannot re-enable synchronization
- To: openldap-technical@openldap.org
- Subject: Re: Cannot re-enable synchronization
- From: Olivier Nicole <olivier2553@gmail.com>
- Date: Wed, 11 May 2016 13:13:22 +0700
- In-reply-to: <CA+g+BvjQ7VqFXPdGVUSQnw=oP5dBo0WRQHe-Vvf2idjNPLfHYQ@mail.gmail.com>
- References: <CA+g+BvjQ7VqFXPdGVUSQnw=oP5dBo0WRQHe-Vvf2idjNPLfHYQ@mail.gmail.com>
Hi,

On Monday I had a major issue: my root CA (for all my encryption)
expired, so my LDAP server number 1 became inaccessible.

I have a server number 2, running from another root certificate, that
did not expire and that was properly replicating from the server
number 1, using:

syncrepl rid=0
    provider=ldaps://ldap server 1/
    type=refreshAndPersist
    bindmethod=simple
    binddn=cn=Manager,dc=xxx
    credentials="XXX"
    searchbase=dc=xxx
    tls_reqcert=try
    starttls=yes
    retry="60 10 300 +"

But since I updated the root certificate on server 1, I cannot get the
replication.

I can still ldapsearch from server 2 to server 1.

In the log of server 1 I see a proper connection, but I don't know how
to further debug the replication.

Best regards,

Olivier