Good Morning,
I need some help understanding why things are the way they are.

All nodes run slapd 2.3.34 and slurpd 2.3.34 on Fedora 7.
All nodes' keys are self authenticated, i.e. links to from hash.

!!The Problem!!
ldapsearch works to NodeB server, iff NodeB_key is present on NodeA
slurpd works to NodeB server, iff NodeB_key is present on NodeA

Node A - ldap master/client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
/etc/pki/tls/certs/NodeA_key.pem
ldapsearch works to NodeA ldap server.
/etc/pki/tls/certs/NodeB_key.pem <--Why is this required?
ldapsearch works to NodeB server, iff NodeB_key is present on NodeA
slurpd works to NodeB server, iff NodeB_key is present on NodeA

Node B - ldap slave/client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
/etc/pki/tls/certs/NodeB_key.pem
ldapsearch works to all ldap servers.

Node C - ldap client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
No Keys present
ldapsearch works to all ldap servers.

More details can be provided.