On Wed, Nov 15, 2006 at 12:46:20PM -0800, Howard Chu wrote:
Andrew Higginbotham wrote:
>Hi,
>
>I am trying to setup a replication server using Openldap-2.3.27. I have
>set it up (detailed below) and I get on the slave
>
>TLS: can't accept.
>TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:580
>
>What is really strange is that I can log on and make manual modifications
>to the slave from the master as the replication user with the password
>specified in slapd.conf (yes, over tls!).
>
>I was thinking it might be because of differing ssl versions, but I tried
>switching to SSLv3 in the config file and it had no effect.
>
>Does anyone have some tips that would help me additionally debug this
>problem or get an idea of where the failure is?
>
>// Relevant config file lines on master
>replica host=<<hostname>>:636
> binddn="cn=replicator,dc=hmc,dc=edu"
> tls=yes
> bindmethod=simple
> credentials=<<password>>
If you're using port 636 then you're most likely using ldaps. You need
to use an ldaps:// uri here, not the host/tls options.
When I do this I get
Error: parse_replica_line: unknown keyword "uri=ldaps://<<hostname>>:636"
Error: Malformed "replica" line in slapd config file, line 120
Warning: failed to add replica "(null):0 - ignoring replica
I think it is because the replication master is using an older version of ldap
(2.1.25). Could the version difference prove to be an insurmountable problem?
~Andrew
>
>// Relevant config lines on slave
>TLSCipherSuite HIGH:MEDIUM:+SSLv3
>
>updatedn "cn=replicator,dc=hmc,dc=edu"
>updateref ldaps://<<ref>>
>
>
>Thanks,
>Andrew
>
--
-- Howard Chu
Chief Architect, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc
OpenLDAP Core Team
http://www.openldap.org/project/
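A small triage helper, added here and not part of the thread or of OpenLDAP: it builds the cleartext LDAP PDUs a `replica host=... tls=yes` master sends (StartTLS over plain LDAP, as Howard's answer implies) and classifies the first bytes a TLS listener on 636 receives the way OpenSSL's s23 protocol sniffing does, which is why a BER SEQUENCE arriving where a ClientHello belongs is logged as "unknown protocol". The bind DN is the one from the thread; the password and the TLS record bytes used in the test are constructed placeholders.

```python
# Added example (not from the thread): classify the first bytes an ldaps listener
# received, to explain "SSL23_GET_CLIENT_HELLO:unknown protocol". Sample PDUs are constructed.

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation


def ber(tag: int, payload: bytes) -> bytes:
    """Minimal DER TLV encoder (short-form length, payload < 128 bytes)."""
    if len(payload) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(payload)]) + payload


def ldap_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] requestName } }."""
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x77, ber(0x80, STARTTLS_OID)))


def ldap_simple_bind(msg_id: int, dn: bytes, password: bytes) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple } }."""
    bind = ber(0x60, ber(0x02, b"\x03") + ber(0x04, dn) + ber(0x80, password))
    return ber(0x30, ber(0x02, bytes([msg_id])) + bind)


def classify_first_bytes(data: bytes) -> str:
    """Protocol sniffing in the spirit of OpenSSL's s23 code on the first record."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-client-hello"             # TLS record header: handshake, version 3.x
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"           # SSLv2-format hello, message type 1
    if len(data) > 3 and data[0] == 0x30:     # BER SEQUENCE: an LDAPMessage in the clear
        if STARTTLS_OID in data:
            return "ldap-cleartext-starttls"
        op_index = 4 + data[3]                # skip SEQUENCE header + INTEGER messageID
        if op_index < len(data) and data[op_index] == 0x60:
            return "ldap-cleartext-bind"
        return "ldap-cleartext"
    return "unknown"


def diagnose(data: bytes, port: int) -> str:
    """One-line reading of what a listener on `port` saw first."""
    kind = classify_first_bytes(data)
    if kind.startswith("ldap-cleartext") and port == 636:
        return ("cleartext LDAP (StartTLS-style) sent to an ldaps listener: "
                "use an ldaps:// URI rather than host= plus tls=yes")
    if kind in ("tls-client-hello", "sslv2-client-hello"):
        return "TLS handshake began normally; inspect certificates and cipher settings"
    return f"unrecognised first bytes ({kind}) on port {port}"
```

Feed it the first bytes of the failing connection from a packet capture on the slave; a StartTLS or bind PDU on 636 reproduces the log line in the thread, a ClientHello points the investigation elsewhere.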