Hello list, I am working on a distributied tree with open ldap.(2-2-23 on sarge) my DIT is fragmented in several pieces. (up to 50...) that I want to replicate on the master tree. I tried to used the syncrepl directive, which look great (first look.) So, after a short while I was able to get shadow copie of one fragment. Right after I tried to replicate the second fragment and problems arrived... I cant' put two syncrepl directive in the consummers ldap! So, is there a solution? a way to get several piece of a tree replicate with syncrepl? If no, another solution would be fair!
Cheers Sebastien
Dennis.Hoffman@seagate.com a écrit :
The client *is* configured - (ldap.conf): .... TLS_CACERT /usr/local/etc/openldapcacert/cacert.pem TLS_REQCERT never ...
The server is configured (slapd.conf): ... TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2 TLSCACertificateFIle /usr/local/etc/openldap/cacert/cacert.pem TLSCertificateFIle /usr/local/etc/openldap/server.cert TLSCertificateKeyFIle /usr/local/etc/openldap/server.key TLSVerifyClient never .....
Attached is the output of the server - indicating that the ca is still "unknown " I've tried every combination of client/server configurations I can think of, and still get the same thing - I'm not sure what I'm missing here. Thanks Dennis (See attached file: server.out)
Howard Chu <hyc@symas.com> Sent by: To owner-openldap-so Dennis.Hoffman@seagate.com ftware@OpenLDAP.o cc rg openldap-software@OpenLDAP.org No Phone Info Subject Available Re: TLS question 09/29/2006 08:24 PM
Dennis.Hoffman@seagate.com wrote:
Hello:
I am trying to get TLS working on openldap-2.3.20. when I initiate
a
search, the debug info at the server indicates "unknown_ca". According
to
RFC 2246, this means that the "CA certificate could not be located or couldn't be matched with a known, trusted CA". My question: Isn't the slapd.conf "TLSCACertificateFile" directive what tells slapd which CA to trust? If so, why isn't it working?
See the Admin Guide http://www.openldap.org/doc/admin23/tls.html
You need to configure the client.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.11/460 - Release Date: 01/10/2006