Ulrich.Windl@rz.uni-regensburg.de wrote:
Full_Name: Ulrich Windl
Version: 2.4.26
OS: Linux (SLES11 SP2)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (132.199.152.129)
I was able to set up a master LDAP server and a replication consumer using the physical host names and TLS. However when I tried to bind slapd on a virtual IP address ("interface alias"), I never got slapd working (even though I fixed the certificates for TLS, of course). Dynamic configuration ("cn=config") seems to make things very difficult, because slapd ends in a state where _nobody_ can make configuration changes.
Use the openldap-technical mailing list to ask for configuration help.
You talk about IP addresses and yet in your quoted text below you are using hostnames. Be consistent when you post your question to the mailing list, otherwise no one will understand what you're asking for.
Closing this ITS.
It seems slapd tried to use the wrong URI (using the physical host where nobody is listening):
slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error, ldap_start_tls failed (-1)
slapd[10036]: do_syncrepl: rid=002 rc -1 retrying
slapd is listening on ldap://vhost.domain.org/ however.
I read lots of procedures using Google, but could not find the solution for this problem. Thus I suggest adding documentation on how to configure such a scenario:
1) Set up an LDAP Master server that provides service on a specific IP address using TLS
2) Set up a replication consumer that provides service on a specific IP address using TLS also
3) The replication consumer should use the address where the master server listens for replication
It sounds like an everyday setup, but I failed multiple times, thus the request for documentation.
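As an added illustration of the three-step scenario requested above (it is not part of this ITS, nor OpenLDAP's own documentation), here is a cn=config LDIF sketch for the consumer side. vhost.domain.org, dc=example,dc=org, the replicator DN, the {1}hdb database index and the certificate paths are assumed placeholders; the point it demonstrates is that the syncrepl provider= URI must name the address the master actually listens on, and that the config database stays editable.

```ldif
# Added example, not from the ITS. All names, DNs and paths are placeholders.
# 0) Listener: start slapd bound to the virtual address, e.g.
#    slapd -h "ldap://vhost.domain.org/ ldapi:///"
#    The server certificate must carry vhost.domain.org as a subjectAltName,
#    otherwise a consumer using tls_reqcert=demand fails ldap_start_tls with -1.

# 1) Keep cn=config editable: local root over ldapi:/// may manage the config DB,
#    so a broken replication or TLS setting can always be corrected.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * none

# 2) Global TLS material; the certificate must match the vhost name, not phost.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/ldap/ca.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/ldap/vhost.domain.org.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/ldap/vhost.domain.org.key

# 3) Consumer: provider= must be the vhost URI the master listens on. The log
#    above shows what happens when it still names the physical host.
#    LDIF folding: continuation lines start with one space that is stripped on
#    join, so a second space is needed to keep the options separated.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=002
  provider=ldap://vhost.domain.org/
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=org"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=org"
  credentials="REPLACE_ME"
  starttls=critical
  tls_reqcert=demand
  tls_cacert=/etc/ssl/ldap/ca.crt
```

Apply it with ldapmodify over ldapi:/// using SASL EXTERNAL as root, then watch the syslog for a do_syncrepl line whose URI is the vhost; a repeated rc -1 retrying with the old hostname means the provider= value was not updated.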