--On Thursday, June 29, 2017 5:07 PM +0100 Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:

> It seems that the CA cert was never referenced in the syncrepl clause, so it would have dropped back to whatever TLS config was in the LDAP *client* config file (probably /etc/ldap/ldap.conf). I seem to remember a change in behaviour of OpenSSL libs a while ago where I was bitten by something similar. Maybe Juergen's earlier setup used ldap.conf and the new one is ignoring it?
Could be. My specific suggestion to him was to add a line for the CA. Instead, he added a line for the CA and the two additional lines for a cert & key (which would imply certificate authentication).
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
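
As an added example (not part of this thread and not OpenLDAP code): a small Python check that reads a syncrepl clause and reports whether the CA is named in the clause itself and whether a cert and key are set, the two cases discussed above. The host name, DNs, credentials and file paths are constructed placeholders; the finding labels are hypothetical names chosen for this sketch.

```python
import shlex

# Constructed sample clauses (host, DNs and paths are placeholders, not from the thread).
CA_ONLY = '''rid=001 provider=ldap://provider.example.com starttls=critical
  searchbase="dc=example,dc=com" bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com" credentials=secret
  tls_cacert=/etc/ssl/certs/example-ca.pem tls_reqcert=demand'''
NO_CA = CA_ONLY.replace("tls_cacert=/etc/ssl/certs/example-ca.pem ", "")
WITH_CLIENT_CERT = CA_ONLY + ''' tls_cert=/etc/ldap/consumer.pem
  tls_key=/etc/ldap/consumer.key'''

def parse_syncrepl(clause):
    """Split a syncrepl value into a {keyword: value} dict, honouring quotes."""
    params = {}
    for token in shlex.split(clause):
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value
    return params

def audit_tls(clause):
    """Return findings about the TLS settings stated in the clause itself."""
    p = parse_syncrepl(clause)
    uses_tls = p.get("provider", "").lower().startswith("ldaps://") or "starttls" in p
    if not uses_tls:
        return ["no-tls"]
    findings = []
    if p.get("starttls") == "yes":
        # Without "critical" the session continues in clear text if StartTLS fails.
        findings.append("starttls-not-critical")
    if "tls_cacert" not in p and "tls_cacertdir" not in p:
        # Trust anchor comes from configuration outside this clause.
        findings.append("ca-not-in-clause")
    if p.get("tls_reqcert", "demand") in ("never", "allow"):
        findings.append("weak-reqcert")
    if ("tls_cert" in p) != ("tls_key" in p):
        findings.append("cert-key-mismatch")
    elif "tls_cert" in p:
        # A cert and key mean the consumer presents a client certificate.
        findings.append("client-cert-presented")
    return findings

if __name__ == "__main__":
    for name, clause in [("CA only", CA_ONLY), ("no CA", NO_CA),
                         ("CA + cert/key", WITH_CLIENT_CERT)]:
        print(f"{name}: {audit_tls(clause) or ['ok']}")
```
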