On Wed, Feb 28, 2007 at 11:18:26AM +0200, Buchan Milne wrote:

Well, a lot of the aspects of setting this up are not unique to slurpd, but are covered in documentation relating to user authentication with certificates. The errors you posted don't seem to have anything to do with the certificate authentication itself, but seem to be the generic issue of your slurpd not authenticating to the slave as the updatedn.

Here is what I understood: my slurpd's certificate DN contains non ASCII characters, and for that reason, I have been unable to get the slave slapd matching the updatedn. The solution I finally found was to use authz-regex to rewrite slurpd's DN into something that will match.

(...) waste time on a "HOWTO".

Well, as an OpenLDAP user, I know that once you've readen the manual and the FAQ and it's still not working, return of experience from other users gathered with google is valuable. That's why I tend to post how I managed to get the thing working. It will help people looking for the same problem I had, and comments from contributors may help transforming that into some better documentation.