On 09/25/13 13:43 -0700, Chad Scott wrote:
> I'm having a lot of trouble with replication when using SSL. If I configure everything exactly the same without SSL, it works flawlessly. The instant I try to encrypt traffic, one or both servers will deadlock, even after restart.

Does slapd still respond? If so, verify that your entropy is not being depleted for your SSL connections. I believe by default OpenSSL uses /dev/random which can block. Check /proc/sys/kernel/random/entropy_avail.

> I'm configuring according to the instructions at http://www.openldap.org/doc/admin24/replication.html#N-Way Multi-Master, except using ldaps:// instead of ldap://.
>
> In cn=config, I've set up:
>
>   olcTLSCACertificateFile: /etc/openldap/certs/Operations_CA_Certificate.pem
>   olcTLSCertificateFile: /etc/openldap/certs/ldap.pem
>   olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.key
>
> I've also tried using STARTTLS over ldap:// and it seems to make no difference.
>
> Permissions are right and I can connect via SSL from clients without issue.
>
> I'm completely stumped as to what might be going on. Has anyone seen this before?
>
> This is running on Scientific Linux 6 with the following packages:
>
>   openldap-2.4.23-32.el6_4.x86_64
>   openldap-clients-2.4.23-32.el6_4.x86_64
>   openldap-servers-2.4.23-32.el6_4.x86_64
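A small triage script for the symptoms in this thread, added here and not written by either poster: it checks the entropy pool the reply points at, checks that the olcTLS* certificate and key files from the quoted config are readable and that the key is not world-readable, and checks whether slapd still answers over ldaps://. The 256-bit threshold, the localhost URI and the 5-second timeout are assumptions.

```shell
#!/bin/sh
# Triage helpers for a slapd that hangs once ldaps:// or STARTTLS replication
# is enabled. Assumed values: 256-bit entropy floor, ldaps://localhost, 5 s timeout.

# 1. Entropy: the reply suggests a blocking RNG. Returns 0 when the pool
#    holds at least $2 bits, 1 when it is lower, 2 when the file is unreadable.
entropy_ok() {
    pool_file=${1:-/proc/sys/kernel/random/entropy_avail}
    min_bits=${2:-256}
    [ -r "$pool_file" ] || { echo "cannot read $pool_file"; return 2; }
    avail=$(cat "$pool_file")
    echo "entropy_avail=$avail (minimum wanted: $min_bits)"
    [ "$avail" -ge "$min_bits" ]
}

# 2. Every olcTLS* file must exist and be readable by the user running this
#    (run it as the slapd user to reproduce what slapd itself sees).
tls_files_ok() {
    status=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f"; status=1
        fi
    done
    return $status
}

# 3. The private key should carry no "other" permission bits at all.
#    Columns 8-10 of ls -l are the other-rwx triple; portable across /bin/sh.
key_not_world_readable() {
    others=$(ls -ld "$1" | cut -c8-10)
    [ "$others" = "---" ] || { echo "key $1 is readable by others ($others)"; return 1; }
}

# 4. Does slapd still answer at all? A deadlocked server makes an anonymous
#    whoami time out instead of returning "anonymous".
slapd_responds() {
    uri=${1:-ldaps://localhost}
    ldapwhoami -x -H "$uri" -o nettimeout=5 >/dev/null 2>&1
}

# Example run against the paths from the quoted cn=config:
# entropy_ok && tls_files_ok /etc/openldap/certs/Operations_CA_Certificate.pem \
#   /etc/openldap/certs/ldap.pem /etc/openldap/certs/ldap.key \
#   && key_not_world_readable /etc/openldap/certs/ldap.key && slapd_responds
```

If entropy_ok reports a pool near zero while slapd stops answering, a blocking RNG is the first thing to rule out before looking at the replication config itself.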