Just updated slapd.conf with CA Certs and trying to get mirroring synchronization to work.

Running into the following:

slapd -d sync @(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $

mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd /etc/openldap/slapd.conf: line 163: warning, destination attributeType 'sAMAccountName' is not defined in schema PROXIED attributeDescription "SAMACCOUNTNAME" inserted. /etc/openldap/slapd.conf: line 213: rootdn is always granted unlimited privileges. bdb_monitor_db_open: monitoring disabled; configure monitor database to enable slapd starting TLS: error: the certificate '/etc/openldap/certs/ldap_example_net.crt' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication.. TLS: certificate '/etc/openldap/certs/ldap_example_net.crt' successfully loaded from PEM file. TLS: no unlocked certificate for certificate 'CN=ldap.example.net,O="xx-xxxxxxx, INC.",L=xxxx,ST=xxxxxx,C=US'. do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE

In my slapd.conf I have setup (Provider setup):

TLSCertificateFile /etc/openldap/certs/ldap_example_net.crt TLSCertificateKeyFile /etc/openldap/certs/ldap_example_net.key TLSCACertificateFile /etc/openldap/certs/CAcompany.crt

serverID 1 overlay syncprov

#syncprov-checkpoint 100 10 syncprov-checkpoint 100 2

syncprov-sessionlog 100

#LDAP Sync - Slave - Consumer syncrepl rid=001 provider=ldaps://ldap-west.examplel.net bindmethod=simple binddn="cn=xxxxx,ou=Roles,dc=pcoral,dc=net" credentials=xxxxxxxxxxxx searchbase="dc=example,dc=net" filter="(objectclass=*)" attrs="*" schemachecking=on type=refreshAndPersist interval=00.00.00:30 retry="60 +" mirrormode on

So, not sure why the synchronization isn't working?

Thanks!!!