I am trying to create a master-slave replication with chaining overlay enabled in the slave to redirect writes request to the master.
I have it working using ldap:// but I have not been able to configure the chain overlay using a secure connection ldaps:// (running on port 5636 on the master)
My master server do not require client certificates.,
I added the following lines:
overlay chain chain-uri "ldaps://masterldap.example.com:5636" chain-idassert-bind bindmethod="simple" binddn="cn=Manager,dc=example,dc=com" credentials="secret" mode="self" tls_cacert="/path/to/my/CA/cert.pem" chain-return-error TRUE
But I get "TLS negotiation failure" on the syslog
I am using ldaps:// for replication, but I can't configure it for chaining
Any hints?
-----Original Message----- From: Gavin Henry [mailto:ghenry@suretecsystems.com] Sent: Tuesday, July 01, 2008 3:55 AM To: Jorge Medina Cc: openldap-software@openldap.org Subject: Re: Chaining
<quote who="Jorge Medina">
One more question, this time on the chaining overlay.
"What is chaining? It indicates the capability of a DSA to follow referrals on behalf of the client, so that distributed systems are viewed as a single virtual DSA by clients that are otherwise unable to "chase" (i.e. follow) referrals by themselves."
In the example shown at
http://www.openldap.org/doc/admin24/overlays.html#Chaining
Is the chaining overlay example used to forward write
requests from the syncrepl slaves to the master server?
Yes, correct.