Am Dienstag 08 Dezember 2009 11:53:41 schrieb hyc@symas.com:
rhafer@suse.de wrote:
Am Montag 07 Dezember 2009 21:22:08 schrieb quanah@zimbra.com:
--On Monday, December 07, 2009 2:24 PM +0000 rhafer@suse.de wrote:
olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test" type="refreshAndPersist" starttls=critical bindmethod="simple" binddn="uid=syncrepl,dc=test" credentials="XXXXXX"
Question is if this is a bug in the documentation or in the code. I think it's the latter.
Howard believes this is fixed in head with servers/slapd/config.c 1.508 -> 1.509. Can you please test and let us know the result?
It solves the problem only partially. It still doesn't work when using "ldaps://" uris AFAICS.
The code was assuming that at least one of the other TLS config keywords would also be used in these situations. Most of the time the slapd TLS config would only be appropriate for server use, and would need to be overridden when acting as a client.
Anyway, this is now fixed in HEAD.
Confirmed.