Replication problem using synrepl with TLS (Starttls)
by Germain Maurice
Hi everybody,
I use replication between my openldap provider and an openldap consumer,
i use syncrepl over TLS connection.
I managed to make it working... but now, it doesn't want to work. I just
have done a reboot on the consumer and the replication does not want to
work again.
Here is the log line i get :
slap_client_connect: URI=ldaps://provider.mydomain.net DN="cn=syncrepl,dc=mydomain.net" ldap_sasl_bind_s failed (-1)
My openldap servers use cn=config directives, on my consumer i have this :
olcSyncrepl: {0}rid=000 provider=*ldap://provider.mydomain.net*
searchbase=dc=mydomain.net
bindmethod=simple
binddn=cn=syncrepl,dc=mydomain.net
credentials=XXXXX
retry="60 +"
type=refreshOnly
interval=00:00:10:00
starttls=yes
tls_cert=/etc/ssl/certs/ca-cert.pem
tls_cacert=/etc/ssl/certs/ca-cert.pem
tls_key=/etc/ssl/private/ca-key.pem
If you want see more of my configuration have a look to my blog :
http://erralt.wordpress.com/2010/01/19/openldap-syncrepl-via-tls-ssl/
Any idea on this error ?
ldap_sasl_bind_s failed (-1)
Thank you
Best regards
--
Germain Maurice
Administrateur Système
Tel : +33.(0)1.42.43.64.13
**linkfluence news & events**
2009 excellence award nominee from ESOMAR
2009 marketing research silver award from semo & marketing magazine (France)
2009 european excellence award recipient (PR evaluation, wahlradar.de, joint project with Publicis Consultants)
13 years, 8 months
- 1
- 0
TLS Replication on Ubuntu 9.04
by anjan.prasad@wipro.com
Hi,
I have configured Multi Master replication on top of that I have
configured starttls replication. Intially when I configured and
restarted the Slave Open LDAP server, the replication worked fine only
for the first time. After that I am getting the below error in the log
message
slapd[6602]: slap_client_connect: URI=ldap://*****/
DN="cn=admin,dc=**,dc=**,dc=**" ldap_sasl_bind_s failed (49)
When I try to do the ldapsearch using -ZZ it fails. Previously without
replication configured as a standalone the ldapsearch was working fine
with -ZZ and also with ldaps
Now after replication configured, I get the below error.
ldapsearch -LLL -x -W -D 'cn=admin,dc=**,dc=**,dc=**' -H
ldap://<ldapURL> -ZZ '(uid=john)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Any help with this regard will be great help.
Thanks & Regards,
Anjan
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
13 years, 8 months
- 1
- 0