
RE: syncrepl fails after upgrade to openldap 2.4.45



The replication worked with 2.4.44-r1 anyway.

In the main section I have these entries:

security        tls=1

TLSProtocolMin  3.3
TLSCipherSuite  HIGH:MEDIUM:!SSLv2:!SSLv3
TLSCertificateFile /etc/ssl/openldap/dannatu.ch.pem
TLSCertificateKeyFile /etc/ssl/openldap/dannatu.ch.key
TLSCACertificateFile /etc/ssl/certs/dannatuCA-cacert.pem


Have also added these entries to syncrepl now, but without any success:

  tls_cert=/etc/ssl/openldap/dannatu.ch.pem
  tls_key=/etc/ssl/openldap/dannatu.ch.key
  tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem

Still works with 2.4.44-r1, but not with 2.4.45.

Juergen

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com] 
Sent: Thursday, June 22, 2017 5:12 PM
To: Sprenger Jürgen, INI-ON-CIS-SDI-HES <Juergen.Sprenger@swisscom.com>; openldap-technical@openldap.org
Subject: Re: syncrepl fails after upgrade to openldap 2.4.45

--On Thursday, June 22, 2017 10:25 AM +0000 Juergen.Sprenger@swisscom.com
wrote:

> syncrepl rid=000
>   provider=ldaps://ldap.dannatu.ch:636
>   type=refreshAndPersist
>   retry="5 5 300 +"
>   searchbase="dc=dannatu,dc=ch"
>   attrs="*,+"
>   scope=sub
>   bindmethod=simple
>   binddn="cn=Manager,dc=dannatu,dc=ch"
>   credentials=**************

I don't see anything here configuring for syncrepl to find the CA for your server cert.  I.e., something like tls_cacertdir=<path>

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
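
The check suggested in the quoted reply can be automated. The following is an added example, not part of the original messages and not OpenLDAP code: it joins slapd.conf continuation lines and reports syncrepl stanzas that use TLS without naming a CA, or that explicitly relax tls_reqcert. The function names, the sample text, the rid=001 stanza and the PLACEHOLDER credential are assumptions made for illustration.

```python
import shlex

# Constructed sample: the consumer stanza quoted in the thread (credentials
# replaced by a placeholder) plus a second, hypothetical stanza with a CA file.
SAMPLE_CONF = '''\
syncrepl rid=000
  provider=ldaps://ldap.dannatu.ch:636
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=dannatu,dc=ch"
  bindmethod=simple
  binddn="cn=Manager,dc=dannatu,dc=ch"
  credentials=PLACEHOLDER

syncrepl rid=001
  provider=ldaps://ldap.dannatu.ch:636
  searchbase="dc=dannatu,dc=ch"
  tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem
  tls_reqcert=demand
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) into directives."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue  # simplification: blank and comment lines are dropped
        if raw[0].isspace() and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return out

def check_syncrepl_tls(text):
    """Return {rid: [findings]} for every syncrepl directive in text."""
    report = {}
    for line in logical_lines(text):
        words = shlex.split(line)  # keeps quoted values such as retry="5 5 300 +"
        if words[0].lower() != 'syncrepl':
            continue
        opts = dict(w.split('=', 1) for w in words[1:] if '=' in w)
        uses_tls = opts.get('provider', '').lower().startswith('ldaps://') or 'starttls' in opts
        findings = []
        if uses_tls and not opts.keys() & {'tls_cacert', 'tls_cacertdir'}:
            findings.append('no tls_cacert/tls_cacertdir set in stanza')
        if opts.get('tls_reqcert', '').lower() in ('never', 'allow'):
            findings.append('tls_reqcert=%s does not enforce certificate verification' % opts['tls_reqcert'])
        report[opts.get('rid', '?')] = findings
    return report
```

A finding here only says the stanza itself does not name a CA; it does not establish why replication fails on a given version.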