On 2017-06-02 17:46, r0m5 wrote:
On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
--On Friday, June 02, 2017 11:01 AM +0200 r0m5 <r0m5@r0m5.eu> wrote:
Hello, I am facing an issue with syncrepl and STARTTLS on port 389. It is the kind of problem that happens only sometimes and disappears "by itself". I use Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2.
2.4.40 is 2.5 years old, 5 point releases behind, and had significant known replication issues. I believe there is a build of 2.4.44 in backports for Jessie. I would advise using that instead.
As far as debug logging, you would need to use "-d -1" to slapd, rather than attempting to set the loglevel to -1, as some debug logging is only possible via the slapd daemon. But your first step is to move to a current release.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Hello!
Thanks for your reply. I just upgraded the preproduction environment provider and consumers to the jessie-backports version. I will check the prod to preprod injections over the next few days, then let you know.
Have a good weekend!
Hello!
I upgraded to 2.4.44 but still had problems (fewer, though). So I used "-d -1" with slapd instead of olcLoglevel, as you said, and then I noticed there was a problem with certificate validation, even when using demand or allow for TLS reqcert in olcSyncrepl and in /etc/ldap/ldap.conf. I was at that time using self-signed certificates.
So I set up a PKI and now it looks OK regarding syncrepl. So I guess my problem might be related to ITS#8427, which I didn't see before posting here.
I still have issues though, with applications randomly failing STARTTLS to my consumers :-(
Regards,