Götz Reinicke - IT-Koordinator goetz.reinicke@filmakademie.de writes:
Hi folks,
[...]
My consumer server should bind to the provider using sasl with the saslmech external. (Red Hat 5.x, cyrus-sasl-2.1.22, openldap-2.3.43-3 )
I've changed the slapd.conf files on both servers:
consumer:
syncrepl ... bindmethod=sasl saslmech=EXTERNAL starttls=yes
provider:
authz-regexp "dn=email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it officenet,o=filmakademie baden-wuerttemberg gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de" "cn=replicator,dc=filmakademie,dc=de"
after restarting both servers I do get the error:
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
[...]
I don't see a configuration for client certs. As an example, I provide my slapd.conf:
syncrepl rid=042
    provider=ldap://rubin.avci.de
    sizelimit=unlimited
    bindmethod=sasl
    saslmech=external
    starttls=yes
    tls_cert=/etc/openldap/certs/replicator.pem
    tls_key=/etc/openldap/certs/replicator-key.pem
    tls_cacert=/etc/openldap/certs/avciCA.pem
    tls_reqcert=demand
    searchbase="o=avci,c=de"
    scope=sub
    [...]
-Dieter
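
An added example, not part of the original post or of OpenLDAP: a small Python check of a consumer's syncrepl statement for the client-certificate parameters the reply points to. It assumes, following the slapd.conf shown in the reply, that the certificate is supplied through tls_cert and tls_key inside the statement; the function names are hypothetical.

```python
import shlex

# Consumer statement as quoted in the question (the "..." is elided there).
QUESTION = "syncrepl ... bindmethod=sasl saslmech=EXTERNAL starttls=yes"
# Consumer statement from the reply, trailing "[...]" dropped.
REPLY = """syncrepl rid=042 provider=ldap://rubin.avci.de sizelimit=unlimited
    bindmethod=sasl saslmech=external starttls=yes
    tls_cert=/etc/openldap/certs/replicator.pem
    tls_key=/etc/openldap/certs/replicator-key.pem
    tls_cacert=/etc/openldap/certs/avciCA.pem tls_reqcert=demand
    searchbase="o=avci,c=de" scope=sub"""

def parse_syncrepl(directive):
    """Split a syncrepl statement into a dict of lower-cased key -> value."""
    tokens = shlex.split(directive)  # handles quoted values and line breaks
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    params = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if sep:  # tokens without "=" (e.g. "...") are placeholders, skip them
            params[key.lower()] = value
    return params

def check_external_bind(directive):
    """Return findings for a consumer that binds with SASL EXTERNAL."""
    p = parse_syncrepl(directive)
    if (p.get("bindmethod", "").lower() != "sasl"
            or p.get("saslmech", "").lower() != "external"):
        return []  # not an EXTERNAL bind, nothing to check here
    findings = []
    uses_tls = (p.get("starttls", "").lower() in ("yes", "critical")
                or p.get("provider", "").lower().startswith("ldaps://"))
    if not uses_tls:
        findings.append("no TLS layer: EXTERNAL has no certificate identity")
    for key in ("tls_cert", "tls_key"):
        if key not in p:
            findings.append(f"{key} missing: no client certificate can be presented")
    if p.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("tls_reqcert does not enforce provider certificate checks")
    return findings

if __name__ == "__main__":
    for name, stmt in (("question", QUESTION), ("reply", REPLY)):
        print(name, check_external_bind(stmt) or "ok")
```
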