Hi,
I am configuring TLS for syncrepl, but the consumer is not reading any updates from the server. Without TLS the configuration was working fine. Please let me know where I am going wrong.
On the client, my configuration files are as follows:
slapd.conf
access to attrs=userPassword
    by self write
    by users read
    by anonymous auth
access to attrs=shadowLastChange
    by self write
    by * auth
access to *
    by * read
moduleload syncprov.la
syncrepl rid=124
    provider=ldaps://smalldevonly.comverse-in.com:389
    type=refreshOnly
    interval=00:00:01:00
    searchbase="dc=comverse-in,dc=com"
    filter="(objectClass=top)"
    scope=sub
    attrs="cn,uidNumber"
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=comverse-in,dc=com"
    credentials=sonora
updateref ldaps://smalldevonly.comverse-in.com

/etc/ldap.conf
uri ldaps://smalldevonly.comverse-in.com ldaps://dtr98.comverse-in.com
base dc=comverse-in,dc=com
ssl start_tls
ssl on
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts

/etc/openldap/ldap.conf
BASE dc=comverse-in,dc=com
URI ldaps://smalldevonly.comverse-in.com/ ldaps://dtr98.comverse-in.com
TLS_CACERT /etc/openldap/cacerts/cacert.pem
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
Thanks and Regards, Naga Chaitanya
=============================================================================== Please refer to http://www.aricent.com/legal/email_disclaimer.html for important disclosures regarding this electronic communication. ===============================================================================
On 18.07.2011 18:35, Naga Chaitanya Palle wrote:
I am configuring TLS for syncrepl. But the consumer is not reading any updates from the server. Without tls the configuration was working fine. Please let me know where I am going wrong
AFAIK ldaps is for SSL, not TLS; I have a working setup with:
provider=ldap://hostname:389 starttls=yes
You can see helpful hints with "loglevel sync" when having sync problems.
-- veiko
On Mon, 18 Jul 2011 21:05:48 +0530, Naga Chaitanya Palle Naga.Chaitanya@aricent.com wrote:
[...]
There is a tls_cacert=<path> parameter missing in the syncrepl statements. Please note that syncrepl is a ldap client application and requires appropriate client configuration parameters.
-Dieter
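Added example (not part of the thread and not OpenLDAP code): a small Python check that reads a syncrepl statement and reports the TLS points raised in the replies above. The finding names are invented for this example, the sample stanza is the one from the first message with the password replaced, and the option names (starttls, tls_cacert, tls_cacertdir, tls_reqcert) are the ones documented in slapd.conf(5).

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the syncrepl statement from the thread, password replaced.
THREAD_STANZA = '''syncrepl rid=124
    provider=ldaps://smalldevonly.comverse-in.com:389
    type=refreshOnly interval=00:00:01:00
    searchbase="dc=comverse-in,dc=com" filter="(objectClass=top)"
    scope=sub attrs="cn,uidNumber" schemachecking=off
    bindmethod=simple binddn="cn=Manager,dc=comverse-in,dc=com"
    credentials=REDACTED'''


def parse_syncrepl(stanza):
    """Split a syncrepl directive into a dict of lower-cased key -> value."""
    tokens = shlex.split(stanza)  # handles quoted values and continuation lines
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    return {k.lower(): v for k, _, v in (t.partition("=") for t in tokens[1:])}


def lint_syncrepl(stanza):
    """Return finding codes (hypothetical names) for the consumer's TLS settings."""
    opts = parse_syncrepl(stanza)
    url = urlsplit(opts.get("provider", ""))
    starttls = opts.get("starttls", "").lower()
    findings = []
    if url.scheme == "ldaps" and url.port == 389:
        # ldaps:// aimed at the standard ldap:// port: confirm the listener.
        findings.append("ldaps-on-389")
    if url.scheme == "ldap" and not starttls:
        # Neither ldaps:// nor StartTLS: bind and data travel unencrypted.
        findings.append("no-tls")
    if url.scheme == "ldap" and starttls == "yes":
        # Only starttls=critical aborts the session when StartTLS fails.
        findings.append("starttls-not-critical")
    uses_tls = url.scheme == "ldaps" or bool(starttls)
    if uses_tls and not (opts.get("tls_cacert") or opts.get("tls_cacertdir")):
        # No CA named in the syncrepl statement itself.
        findings.append("no-tls_cacert")
    if opts.get("tls_reqcert", "demand").lower() in ("never", "allow"):
        # Provider certificate is not enforced.
        findings.append("weak-tls_reqcert")
    return findings


if __name__ == "__main__":
    print(lint_syncrepl(THREAD_STANZA))
```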
Hi Dieter,
Thanks. With inclusion of tls_cacert, the replication is happening.
Thanks and Regards, Naga Chaitanya
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: Tuesday, July 19, 2011 5:25 PM
To: openldap-technical@openldap.org
Subject: Re: TLS configuration with syncrepl
openldap-technical@openldap.org