Hello All,
I'm trying to set up syncrepl with TLS, but so far it won't work. Actually I'm a bit confused because provider.log says "TLS established" and consumer.log "ldap_start_tls failed (-11)".
My settings are as follows:
provider slapd.conf:
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
consumer slapd.conf:
index entryCSN,entryUUID eq
syncrepl rid=123
    starttls=yes
    provider=ldap://ldapmaster:389
    type=refreshAndPersist
    interval=00:00:00:01
    searchbase="dc=test,dc=de"
    filter="(objectclass=*)"
    scope=sub
    attrs="*"
    schemachecking=off
    updatedn="cn=syncuser,ou=system,dc=test,dc=de"
    credentials="xxx"
    bindmethod=simple
    binddn="cn=admin,dc=uni-koblenz-landau,dc=de"
    credentials="xxx"
provider.log:
Dec 5 15:40:57 testldap slapd[8997]: conn=2 op=3 UNBIND
Dec 5 15:40:57 testldap slapd[8997]: conn=2 fd=15 closed
Dec 5 15:41:01 testldap slapd[8997]: conn=3 fd=15 ACCEPT from IP=192.168.1.2:50400 (IP=0.0.0.0:389)
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=0 STARTTLS
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=0 RESULT oid= err=0 text=
Dec 5 15:41:01 testldap slapd[8997]: conn=3 fd=15 TLS established tls_ssf=256 ssf=256
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 BIND dn="cn=admin,dc=test,dc=de" method=128
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=1 RESULT tag=97 err=0 text=
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=2 SRCH base="dc=test,dc=de" scope=2 deref=0 filter="(objectClass=*)"
Dec 5 15:41:01 testldap slapd[8997]: conn=3 op=2 SRCH attr=* structuralObjectClass entryCSN
consumer.log:
Dec 5 14:49:50 TESTNETZ-BDC slapd[6513]: slapd starting
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: Warning: rid 123 ldap_start_tls failed (-11)
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 fd=25 ACCEPT from IP=127.0.0.1:54163 (IP=0.0.0.0:389)
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=0 BIND dn="" method=128
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=0 RESULT tag=97 err=0 text=
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 op=2 UNBIND
Dec 5 14:49:51 TESTNETZ-BDC slapd[6513]: conn=0 fd=25 closed
Does someone know what part of the setup could be wrong? Are there more config files needed?
I would appreciate any help or hint!
Thank you!
Cristian
--On December 5, 2007 3:17:01 PM +0100 Cristian Laufer laufer@uni-koblenz-landau.de wrote:
Hello All,
syncrepl rid=123 starttls=yes provider=ldap://ldapmaster:389
TLS generally requires FQDNs. Fix your provider URL.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Hello Quanah,
sorry, I am actually using:
provider=ldap://192.168.0.7:389
Would that be ok to use?
Cristian
Quanah Gibson-Mount wrote:
--On December 5, 2007 3:17:01 PM +0100 Cristian Laufer laufer@uni-koblenz-landau.de wrote:
Hello All,
syncrepl rid=123 starttls=yes provider=ldap://ldapmaster:389
TLS generally requires FQDNs. Fix your provider URL.
--Quanah
What did you use when you generated your certificate? The important thing is that they match.
-----Original Message-----
From: openldap-software-bounces+jeff_clowser=fanniemae.com@openldap.org [mailto:openldap-software-bounces+jeff_clowser=fanniemae.com@openldap.org] On Behalf Of Cristian Laufer
Sent: Thursday, December 06, 2007 9:50 AM
To: Quanah Gibson-Mount; openldap-software@openldap.org
Subject: Re: syncrepl - ldap_start_tls failed (-11)
On Thursday 06 December 2007 16:50:16 Cristian Laufer wrote:
Hello Quanah,
sorry, I am actually using:
provider=ldap://192.168.0.7:389
Would that be ok to use?
Cristian
Quanah Gibson-Mount wrote:
--On December 5, 2007 3:17:01 PM +0100 Cristian Laufer laufer@uni-koblenz-landau.de wrote:
Hello All,
syncrepl rid=123 starttls=yes provider=ldap://ldapmaster:389
TLS generally requires FQDNs. Fix your provider URL.
The name you provide to the software must match the subject CN on the cert.
However, instead of guessing, why don't you rather do an ldapsearch, exactly as your syncrepl is configured, with SSL enabled etc., until you can get ldapsearch to accept the cert.
I haven't tried a subjectCN of an IP, but I suspect that wouldn't work; you would rather use a subjectAlternateName=IP:192.168.0.7 ... but you should rather just use a hostname (with an entry in /etc/hosts if necessary to get it to the right IP) that matches the subjectCN on the cert.
Regards, Buchan
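The name-matching rule Buchan and Jeff describe, worked through offline as an added example that is not part of the thread: it pulls the host out of a syncrepl provider= URL, decides whether a (constructed) certificate subject CN / subjectAltName set would satisfy it, and builds the ldapsearch -ZZ invocation that mirrors the syncrepl stanza so the certificate problem can be reproduced outside slapd. The certificate contents and the cn=admin bind DN are assumptions for the sake of the example.

```python
# Added example, not code from the thread or from OpenLDAP.
import ipaddress
from urllib.parse import urlsplit


def provider_host(provider_url):
    """Host part of a syncrepl provider= URL, e.g. 'ldapmaster' or '192.168.0.7'."""
    return urlsplit(provider_url).hostname


def cert_matches_host(host, subject_cn, sans):
    """Usual TLS server-name check against a constructed certificate.

    sans is a list of ('DNS', name) / ('IP', address) tuples as they would
    appear in subjectAltName.  A hostname matches a DNS SAN, or the subject CN
    when no DNS SAN is present; an IP literal only ever matches an IP SAN,
    which is why provider=ldap://192.168.0.7:389 fails against a cert whose
    CN is 'ldapmaster' (or even '192.168.0.7') unless IP:192.168.0.7 is a SAN.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns_sans = [v.lower() for k, v in sans if k == "DNS"]
    if dns_sans:
        return host.lower() in dns_sans
    return subject_cn is not None and host.lower() == subject_cn.lower()


def ldapsearch_cmd(provider_url, binddn, password, searchbase, filt="(objectclass=*)"):
    """ldapsearch equivalent of the syncrepl stanza; -ZZ makes STARTTLS
    mandatory and aborts on a certificate the client library rejects, so the
    command fails the same way the consumer's 'ldap_start_tls failed' does."""
    return ["ldapsearch", "-ZZ", "-x", "-H", provider_url, "-D", binddn,
            "-w", password, "-b", searchbase, "-s", "sub", filt]


if __name__ == "__main__":
    # Constructed cert: CN=ldapmaster, no SANs.
    for url in ("ldap://ldapmaster:389", "ldap://192.168.0.7:389"):
        h = provider_host(url)
        print(url, "->", "matches" if cert_matches_host(h, "ldapmaster", []) else "NO MATCH")
    print(" ".join(ldapsearch_cmd("ldap://ldapmaster:389",
                                  "cn=admin,dc=test,dc=de", "xxx", "dc=test,dc=de")))
```

Run the printed ldapsearch line on the consumer host with the same /etc/hosts or DNS resolution slapd uses; once it returns entries instead of a TLS error, the same provider URL and certificate will work for syncrepl.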