I now have a new issue with TLS: certificate files are not even read and presented to the server anymore.
I have this on server ldap2:
syncrepl rid=211 provider=ldap://ldap1.example.fr:389 searchbase="dc=example,dc=fr" schemachecking=on type=refreshOnly interval=00:00:00:05 retry="10 +" bindmethod=sasl saslmech=external authcid="cn=replicator,ou=system,dc=example,dc=fr" authzid="dn:cn=replicator,ou=system,dc=example,dc=fr" tls_cacert=/etc/openldap/cacerts/CA.crt tls_cert=/etc/openldap/cacerts/syncrepl.crt tls_key=/etc/openldap/cacerts/syncrepl.key tls_reqcert=demand
I get this as error: "ldap_sasl_interactive_bind_s failed (-6)"
and if I launch slapd through strace I see that /etc/openldap/cacerts/syncrepl.crt is never opened (and so never presented to the server).
Note that on the server I have configured:
TLSVerifyClient demand
to be sure that the server asks for the certificate.
What have I forgotten? Please help me diagnose where the problem is.
--- Olivier
P.S.:
I can't be absolutely affirmative since I'm still testing, but I think that worked before, and I am starting to believe that the update from openldap-servers-2.4.23-15.el6_1.1.x86_64 to openldap-servers-2.4.23-15.el6_1.3.x86_64
on Red Hat 6 produces problems.
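A quick first check for a syncrepl directive like the one above is whether the tls_cacert, tls_cert and tls_key files it names actually exist and are readable by the account slapd runs under; if they are not, slapd has nothing to present and the strace output will show no open() on them. The script below is an added example, not code from the original post or from OpenLDAP: it pulls the tls_* paths out of a syncrepl directive string and tests each one. The function names and the sample directive are my own; run it as the slapd service account (for example via su to the "ldap" user) so the result reflects what slapd itself can open.

```shell
#!/bin/sh
# Added example (not from the original post): check that the tls_cacert,
# tls_cert and tls_key files named in a syncrepl directive exist and are
# readable by the current user. Run as the slapd service account.

# Extract the value of one tls_* keyword from a syncrepl directive line.
# Usage: syncrepl_tls_path <keyword> <directive>
syncrepl_tls_path() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Check every tls_* path in the directive; prints one line per file and
# returns 0 only if all referenced files are readable.
check_syncrepl_tls_files() {
    directive=$1
    status=0
    for key in tls_cacert tls_cert tls_key; do
        path=$(syncrepl_tls_path "$key" "$directive")
        if [ -z "$path" ]; then
            echo "$key: not set"
            continue
        fi
        if [ -r "$path" ]; then
            echo "$key: $path readable"
        else
            echo "$key: $path MISSING or not readable"
            status=1
        fi
    done
    return $status
}

# Stand-alone usage: pass the full syncrepl directive as the first argument.
if [ $# -gt 0 ]; then
    check_syncrepl_tls_files "$1"
fi
```

If every file reports readable as the slapd user but strace still never opens syncrepl.crt, the problem is not file permissions and the next thing to look at is the directive itself (slapd must accept the tls_* keywords for that bindmethod) rather than the certificate files.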