--On Monday, June 26, 2017 7:11 AM +0000 Juergen.Sprenger@swisscom.com wrote:
Cert authentication works on 2.4.44-r1 without any problem.
Now you're switching topics. Your original mail did not include cert authentication, it used simple binds:
syncrepl rid=000 provider=ldaps://ldap.dannatu.ch:636 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=dannatu,dc=ch" attrs="*,+" scope=sub bindmethod=simple binddn="cn=Manager,dc=dannatu,dc=ch" credentials=**************
Either way, cert authentication AND TLS encrypted syncrepl both work for me with OpenSSL 1.0.2l and OpenLDAP 2.4.45 just fine, so I would have to again guess issues with proper TLS configuration.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com