--On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, Quanah
Not sure what you meant by " Well, it may not have been this issue, but it definite would become an issue then."
Was what I did a good thing or not? Curious minds want to know. <lol>
The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
MM Server1: # ldapsearch -H ldap://mm-server1.example.ldap -d 256 -x -D # cn=admin,cn=config -W -ZZ -b olcDatabase={1}bdb,cn=config olcSyncrepl
What CA cert is your ldapsearch command using?
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Thanks for the quick response Quanah...
I am using /usr/local/openldap/etc/openldap/CA/cacert.pem
It is using the same file location on all servers.
It is a wildcard cert.
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Friday, January 31, 2014 1:26 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: RE: Syncrepl and mmr
--On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, Quanah
Not sure what you meant by " Well, it may not have been this issue, but it definite would become an issue then."
Was what I did a good thing or not? Curious minds want to know. <lol>
The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
MM Server1: # ldapsearch -H ldap://mm-server1.example.ldap -d 256 -x -D # cn=admin,cn=config -W -ZZ -b olcDatabase={1}bdb,cn=config olcSyncrepl
What CA cert is your ldapsearch command using?
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Checking my production servers, which is only using Delta-syncrepl
Those servers are using SSL3 over port 636, and the olcSyncrepl has "starttls=no" and using the "tls_certdir"
Thanks in advance John
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Friday, January 31, 2014 1:26 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: RE: Syncrepl and mmr
--On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, Quanah
Not sure what you meant by " Well, it may not have been this issue, but it definite would become an issue then."
Was what I did a good thing or not? Curious minds want to know. <lol>
The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
MM Server1: # ldapsearch -H ldap://mm-server1.example.ldap -d 256 -x -D # cn=admin,cn=config -W -ZZ -b olcDatabase={1}bdb,cn=config olcSyncrepl
What CA cert is your ldapsearch command using?
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, Quanah
Not sure what you meant by " Well, it may not have been this issue, but it definite would become an issue then."
Was what I did a good thing or not? Curious minds want to know. <lol>
The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
To put it the other way round: It's very hard to implement partial replication correctly. ;-}
Ciao, Michael.
I'm not trying to implement partial replication. Throwing darts from 100 miles away and trying to hit a penny nailed to the opposite side of tree...yes that is what I feel like I'm doing. :(
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Friday, January 31, 2014 2:15 PM To: Quanah Gibson-Mount; Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: Syncrepl and mmr
Quanah Gibson-Mount wrote:
--On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, Quanah
Not sure what you meant by " Well, it may not have been this issue, but it definite would become an issue then."
Was what I did a good thing or not? Curious minds want to know. <lol>
The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
To put it the other way round: It's very hard to implement partial replication correctly. ;-}
Ciao, Michael.
openldap-technical@openldap.org
-
Borresen, John - 0442 - MITLL -
Michael Ströder -
Quanah Gibson-Mount