Craig Worgan wrote:
I actually thought that my certificate was bad, until I went back to 2.3
with the same certificate and configuration and it worked fine. Quanah
pointed out the new TLS related syncrepl options which, when I added
them to my config, fixed the problem. Thing is, I pointed the syncrepl
options to the same certificate I am using for the TLS* server
certificate directives. I am using a compound certificate, so my TLS
related config looks like this:
Combining the private and public elements of the certs into one file is not wise.
In 2.4, if you configure syncrepl over TLS and omit the new options,
does OpenLDAP use the values that are configured for the server
certificate settings (TLS*), if any?
That's already explicitly stated in the slapd.conf(5) manpage.
If so, I'm confused as to why it
failed for me originally.
I have no idea, it works for me.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/