Jorge Medina wrote:
I am trying to create a master-slave replication with chaining overlay enabled in the slave to redirect writes request to the master.
I have it working using ldap:// but I have not been able to configure the chain overlay using a secure connection ldaps:// (running on port 5636 on the master)
My master server do not require client certificates.,
I added the following lines:
overlay chain chain-uri "ldaps://masterldap.example.com:5636" chain-idassert-bind bindmethod="simple" binddn="cn=Manager,dc=example,dc=com" credentials="secret" mode="self" tls_cacert="/path/to/my/CA/cert.pem" chain-return-error TRUE
But I get "TLS negotiation failure" on the syslog
I am using ldaps:// for replication, but I can't configure it for chaining
"There are very few chain overlay specific directives; however, directives related to the instances of the ldap backend that may be implicitly instantiated by the overlay may assume a special meaning when used in conjunction with this overlay. They are described in slapd-ldap(5), and they also need to be prefixed by chain-."
So have a read of man slapd-ldap for the tls statements.