Just set up a multi-master configuration on two OpenLDAP 2.4 systems on CentOS 7. Replication seems to be working and I can do ldapsearches with ldap or ldaps while I'm ON the boxes.

I'm finding that when I try to do an ldapsearch using ldaps from an external box, I get the following error:

Jun 09 18:36:29 prod-openldap-01 slapd[20102]: conn=1301 fd=19 TLS established tls_ssf=256 ssf=256
Jun 09 18:36:29 prod-openldap-01 slapd[20102]: conn=1301 fd=19 closed (connection lost)

Example search:

ldapsearch -x -LLL -W -D "cn=ldapadm,dc=<domain redacted>,dc=com" -H ldaps://public-ldap-01.<domain redacted> -b 'dc=<domain redacted>,dc=com' -s sub "(objectclass=uid)" *

In /etc/sysconfig/slapd I have the following:

SLAPD_URLS="ldapi:/// ldap://stage-openldap-01.<domain redacted> ldaps:///"

The ldap:// address reflects what was set up for the olcServerID when I was setting up. However, if I check slaptest -f /etc/sysconfig/slapd -v I get:

5ee10c18 /etc/sysconfig/slapd: line 10: unknown directive <SLAPD_URLS=ldapi:/// ldap://stage-openldap-01.<domain redacted>.com ldaps:///> outside backend info and database definitions.
slaptest: bad configuration file!

I haven't set up an LDAP server in years, so I'm not sure where my problem is. If I can get external auth and searches working via ldaps, the build will be complete.

