Full_Name: Ulrich Windl
Version: 2.4.26
OS: Linux (SLES11 SP2)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (132.199.152.129)
I was able to set up a master LDAP server and a replication consumer using the physical host names and TLS. However, when I tried to bind slapd to a virtual IP address ("interface alias"), I never got slapd working (even though I fixed the certificates for TLS, of course). Dynamic configuration ("cn=config") seems to make things very difficult, because slapd ends up in a state where _nobody_ can make configuration changes.
It seems slapd tried to use the wrong URI (using the physical host, where nobody is listening):

slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error, ldap_start_tls failed (-1)
slapd[10036]: do_syncrepl: rid=002 rc -1 retrying
slapd is listening on ldap://vhost.domain.org/, however.
I read lots of procedures using Google, but could not find the solution to this problem. Thus I suggest adding documentation on how to configure such a scenario:
1) Set up an LDAP master server that provides service on a specific IP address using TLS
2) Set up a replication consumer that also provides service on a specific IP address using TLS
3) The replication consumer should use the address where the master server listens for replication
It sounds like an everyday setup, but I failed multiple times, thus the request for documentation.