Hello
I am trying to use replication with slurpd, using TLS to secure access to the replicas.
1) On the master, slapd.conf contains this:

    database bdb
    suffix "dc=example,dc=net"
    directory /var/openldap/openldap-data
    replogfile /var/log/ldap/ldap.replog
    replica uri=ldaps://ldap1.example.net bindmethod=sasl saslmech=EXTERNAL

I have a slurpd pseudo-user, with a .ldaprc file:

    SASL_MECH EXTERNAL
    TLS_CACERT /etc/openssl/certs/ca.crt
    TLS_KEY /usr/pkg/etc/openldap/slurpd/etc/openssl/slurpd.key
    TLS_CERT /usr/pkg/etc/openldap/slurpd/etc/openssl/slurpd.crt

2) On the slave, slapd.conf contains:

    suffix "dc=example,dc=net"
    directory /var/openldap/openldap-data
    updatedn "email=...,cn=slurpd,ou=....,o=...,st=...,c=..."
    updateref ldap://ldap0.example.net
    access to * by dn.exact="email=...,cn=slurpd,ou=....,o=...,st=...,c=..." by * none

updatedn is the information I have in slurpd's certificate.
When I update the master, slurpd sees the modification and attempts to propagate it to the slave, but it fails:

    Error: ldap_modify_s failed modifying DN "cn=foo,dc=example,dc=net": shadow context; no update referral

On the slave, the error is:

    conn=19 op=7 RESULT tag=103 err=10 text=

I found in <ldap.h> that this err=10 is:

    #define LDAP_REFERRAL 0x0a /* LDAPv3 */

But it does not help me fix the problem.
What is wrong?