Hello All,
I'm trying to set up syncrepl with TLS, but so far it won't work. Actually I'm a bit confused, because provider.log says "TLS established" and consumer.log says "ldap_start_tls failed (-11)".
My settings are as follows:
provider slapd.conf:
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
consumer slapd.conf:
index entryCSN,entryUUID eq
syncrepl rid=123
    starttls=yes
    provider=ldap://ldapmaster:389
    type=refreshAndPersist
    interval=00:00:00:01
    searchbase="dc=test,dc=de"
    filter="(objectclass=*)"
    scope=sub
    attrs="*"
    schemachecking=off
    updatedn="cn=syncuser,ou=system,dc=test,dc=de"
    credentials="xxx"
    bindmethod=simple
    binddn="cn=admin,dc=uni-koblenz-landau,dc=de"
    credentials="xxx"
provider.log:
Dec 5 15:40:57 testldap slapd[8997]: conn=2 op=3 UNBIND
Dec 5 15:40:57 testldap slapd[8997]: conn=2 fd=15 closed
Dec 5 15:41:01 testldap slapd[8997]: conn=3 fd=15 ACCEPT from IP=192.168.1.2:50400 (IP=0.0.0.0:389)
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=0 STARTTLS
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=0 RESULT oid= err=0 text=
Dec 5 15:41:01 testldap slapd[8997]: conn=3 fd=15 TLS established tls_ssf=256 ssf=256
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 BIND dn="cn=admin,dc=test,dc=de" method=128
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 RESULT tag=97 err=0 text=
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=2 SRCH base="dc=test,dc=de" scope=2 deref=0 filter="(objectClass=*)"
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=2 SRCH attr=* structuralObjectClass entryCSN
consumer.log:
Dec 5 14:49:50 TESTNETZ-BDC slapd[6513]: slapd starting
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: Warning: rid 123 ldap_start_tls failed (-11)
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 fd=25 ACCEPT from IP=127.0.0.1:54163 (IP=0.0.0.0:389)
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=0 BIND dn="" method=128
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=0 RESULT tag=97 err=0 text=
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=2 UNBIND
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 fd=25 closed
Does someone know what part of the setup could be wrong? Are there more config files needed?
I would appreciate any help or hint!
Thank you!
Cristian