Dieter Kluenter wrote:
Peter Clark <clarkp@mtmary.edu> writes:
Hello,
I have a FreeBSD 7.2-RELEASE box with openldap-2.4.16 installed on it. I have followed the Admin Guide to setting up Delta-Sync replication, and it works as long as I do not use either "ldaps" or "starttls=yes" on the slave, i.e.:

syncrepl rid=0
  provider=ldap://joe.pdq.edu
  starttls=yes
  bindmethod=simple
  binddn="cn=ldaproot,dc=pdq,dc=edu"
  credentials="XXXXXXXXX"
  searchbase="dc=pdq,dc=edu"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
  syncdata=accesslog
You are missing at least the path to the CA file, something like tls_cacert=<path.to.file>; see man slapd.conf(5) for more TLS-related configuration parameters.

This is my slapd.conf:

syncrepl rid=05
  provider=ldap://some.host
  sizelimit=unlimited
  bindmethod=sasl
  saslmech=external
  starttls=yes
  tls_cert=/opt/openldap/etc/openldap/certs/replicator.pem
  tls_key=/opt/openldap/etc/openldap/certs/replicator-key.pem
  tls_cacert=/opt/openldap/etc/openldap/certs/avciCA.pem
  tls_reqcert=try
  searchbase="o=avci,c=de"
  scope=sub
  type=refreshAndPersist
  retry="5 5 300 5"
updateref ldap://some.host
-Dieter
Thanks, Dieter,
I reread the 2.4 Admin guide for the 11 billionth time and those little words finally stood out:
"Most of the client configuration directives parallel the server directives. The names of the directives are different, and they go into ldap.conf(5) instead of slapd.conf(5)..."
<sigh>
Peter
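Both halves of this thread come down to the same consumer-side check: a syncrepl directive that asks for TLS (provider=ldaps:// or starttls=yes) must have a CA file to verify the provider against, supplied either in the directive itself (Dieter's tls_cacert=) or in the client-side ldap.conf(5) (the TLS_CACERT directive Peter finally found in the Admin Guide). The script below is an added example, not something posted in the thread or shipped with OpenLDAP; it lints a slapd.conf for exactly that omission. It assumes POSIX sh and awk, and that the file paths are whatever you pass in; the sample config contents in the usage are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint syncrepl consumer TLS settings.
# Assumes POSIX sh and awk; file paths are whatever the caller passes in.

# has_ldap_conf_ca FILE -> 0 if FILE sets a global TLS_CACERT (ldap.conf(5)), else 1
has_ldap_conf_ca() {
    [ -r "$1" ] && grep -Eiq '^[[:space:]]*TLS_CACERT[[:space:]]+[^[:space:]]' "$1"
}

# check_syncrepl_tls SLAPD_CONF [LDAP_CONF]
# Joins slapd.conf continuation lines (leading whitespace), then for every
# syncrepl directive that requests TLS (provider=ldaps:// or starttls=yes|critical)
# requires tls_cacert=... in the directive unless LDAP_CONF supplies TLS_CACERT.
# Prints one line per offending rid; exit 0 when clean, 1 otherwise.
check_syncrepl_tls() {
    global_ca=0
    if [ -n "$2" ] && has_ldap_conf_ca "$2"; then global_ca=1; fi
    awk -v global_ca="$global_ca" '
        /^[ \t]/ { buf = buf " " $0; next }          # continuation line
        { if (buf != "") check(buf); buf = $0 }
        END { if (buf != "") check(buf); exit bad }
        function check(line,   tls, ca, rid) {
            if (line !~ /^syncrepl[ \t]/) return
            tls = (line ~ /provider=ldaps:\/\// || line ~ /starttls=(yes|critical)/)
            ca  = (line ~ /tls_cacert=/) || (global_ca + 0)
            if (tls && !ca) {
                rid = "?"
                if (match(line, /rid=[0-9]+/)) rid = substr(line, RSTART + 4, RLENGTH - 4)
                print "syncrepl rid=" rid ": TLS requested but no CA file (tls_cacert= or ldap.conf TLS_CACERT)"
                bad = 1
            }
        }
    ' "$1"
}

# Usage: check_syncrepl_tls /usr/local/etc/openldap/slapd.conf [/usr/local/etc/openldap/ldap.conf]
if [ $# -gt 0 ]; then check_syncrepl_tls "$@"; fi
```

Run it against the consumer's slapd.conf alone to see whether each TLS-enabled syncrepl stanza carries its own tls_cacert=, and again with the ldap.conf path as the second argument to see whether a global TLS_CACERT covers it. Peter's original stanza fails the first form and passes the second once ldap.conf has TLS_CACERT; Dieter's stanza passes both because the CA path is in the directive itself.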