Peter Clark <clarkp(a)mtmary.edu> writes:
Hello,
I have a FreeBSD 7.2 Release box with openldap-2.4.16 installed on it. I
have followed the Admin guide to setting up Delta-Sync replication and
it works as long as I do not use either the "ldaps" or "starttls=yes"
on the slave, i.e.:
syncrepl rid=0
  provider=ldap://joe.pdq.edu
  starttls=yes
  bindmethod=simple
  binddn="cn=ldaproot,dc=pdq,dc=edu"
  credentials="XXXXXXXXX"
  searchbase="dc=pdq,dc=edu"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
  syncdata=accesslog
I am missing at least the path to the CA file, something like
  tls_cacert=<path.to.file>
See man slapd.conf(5) for more TLS-related configuration parameters.
This is my slapd.conf
syncrepl rid=05
  provider=ldap://some.host
  sizelimit=unlimited
  bindmethod=sasl
  saslmech=external
  starttls=yes
  tls_cert=/opt/openldap/etc/openldap/certs/replicator.pem
  tls_key=/opt/openldap/etc/openldap/certs/replicator-key.pem
  tls_cacert=/opt/openldap/etc/openldap/certs/avciCA.pem
  tls_reqcert=try
  searchbase="o=avci,c=de"
  scope=sub
  type=refreshAndPersist
  retry="5 5 300 5"
updateref ldap://some.host
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
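
Added example (not part of the original message and not OpenLDAP code): a Python script that parses syncrepl directives from slapd.conf text and flags the TLS gaps discussed in this thread. The function names parse_syncrepl and check_tls are hypothetical, the sample stanza is constructed from the first configuration above, and the starttls and tls_reqcert behaviour assumed is that described in slapd.conf(5).

```python
import shlex

def parse_syncrepl(conf_text):
    """Return one {parameter: value} dict per syncrepl directive in slapd.conf text."""
    directives = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and directives:   # leading whitespace continues a directive
            directives[-1] += " " + raw.strip()
        else:
            directives.append(raw.strip())
    stanzas = []
    for line in directives:
        tokens = shlex.split(line)           # honours the double-quoted values
        if tokens[0].lower() == "syncrepl":
            stanzas.append({k.lower(): v for k, v in
                            (t.split("=", 1) for t in tokens[1:] if "=" in t)})
    return stanzas

def check_tls(p):
    """Return a list of findings for one syncrepl parameter dict."""
    findings = []
    starttls = p.get("starttls", "").lower()
    if not (p.get("provider", "").lower().startswith("ldaps://") or starttls in ("yes", "critical")):
        if p.get("bindmethod", "").lower() == "simple":
            findings.append("simple bind without TLS: credentials are sent in clear text")
        return findings
    if starttls == "yes":
        findings.append("starttls=yes: session continues without TLS if StartTLS fails; consider starttls=critical")
    if "tls_cacert" not in p and "tls_cacertdir" not in p:
        findings.append("no tls_cacert/tls_cacertdir: verification falls back to slapd's main TLS settings")
    reqcert = p.get("tls_reqcert", "demand").lower()
    if reqcert in ("never", "allow", "try"):
        findings.append("tls_reqcert=%s: weaker than demand, the syncrepl default" % reqcert)
    return findings

# Constructed sample: start of the first stanza in the thread, indented as continuation lines.
SAMPLE = """\
syncrepl rid=0
  provider=ldap://joe.pdq.edu
  starttls=yes
  bindmethod=simple
  binddn="cn=ldaproot,dc=pdq,dc=edu"
  credentials="XXXXXXXXX"
"""

for s in parse_syncrepl(SAMPLE):
    print("rid=%s" % s.get("rid"), check_tls(s))
```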