On Thursday 06 December 2007 16:50:16 Cristian Laufer wrote:
Hello Quanah,
sorry, I am actually using:
provider=ldap://192.168.0.7:389
Would that be ok to use?
Cristian
Quanah Gibson-Mount schrieb:
--On December 5, 2007 3:17:01 PM +0100 Cristian Laufer
laufer@uni-koblenz-landau.de wrote:
Hello All, syncrepl rid=123 starttls=yes provider=ldap://ldapmaster:389
TLS generally required FQDN's. Fix your provider URL.
The name you provide to the software must match the subject CN on the cert.
However, instead of guessing, why don't you rather do an ldapsearch, exactly as your syncrepl is configured, with SSL enabled etc., until you can get ldapsearch to accept the cert.
I haven't tried a subjectCN of an IP, but I suspect that wouldn't work, you would rather use a subjectAlternateName=IP:192.168.0.7 ... but you should rather just use a hostname (entry in /etc/hosts if necessary to get it to the right IP) that matches the subjectCN on the cert.
Regards, Buchan