Hey everyone.
Just set up a multi-master configuration on two OpenLDAP 2.4 systems on CentOS 7. Replication seems to be working and I can do ldapsearches with ldap or ldaps while I'm ON the boxes.

I'm finding when I try to do an ldapsearch using ldaps from an external box I get the following error:

Jun 09 18:36:29 prod-openldap-01 slapd[20102]: conn=1301 fd=19 TLS established tls_ssf=256 ssf=256
Jun 09 18:36:29 prod-openldap-01 slapd[20102]: conn=1301 fd=19 closed (connection lost)

Example search:

ldapsearch -x -LLL -W -D "cn=ldapadm,dc=<domain redacted>,dc=com" -H ldaps://public-ldap-01.<domain redacted> -b 'dc=<domain redacted>,dc=com' -s sub "(objectclass=uid)" *

In /etc/sysconfig/slapd I have the following:

SLAPD_URLS="ldapi:/// ldap://stage-openldap-01.<domain redacted> ldaps:///"

The ldap:// address reflects what was set up for the olcServerID when I was setting up. However, if I check slaptest -f /etc/sysconfig/slapd -v I get:

5ee10c18 /etc/sysconfig/slapd: line 10: unknown directive <SLAPD_URLS=ldapi:/// ldap://stage-openldap-01.<domain redacted>.com ldaps:///> outside backend info and database definitions.
slaptest: bad configuration file!

I haven't set up an LDAP server in years, so I'm not sure where my problem is. If I can get external auth and searches working via ldaps, the build will be complete.

Appreciate any help anyone can give.
Regards,
Aric

