--On Thursday, June 22, 2017 10:25 AM +0000 Juergen.Sprenger@swisscom.com wrote:
syncrepl rid=000 provider=ldaps://ldap.dannatu.ch:636 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=dannatu,dc=ch" attrs="*,+" scope=sub bindmethod=simple binddn="cn=Manager,dc=dannatu,dc=ch" credentials=**************
I don't see anything here configuring for syncrepl to find the CA for your server cert. I.e., something like tls_cacertdir=<path>
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
The replication worked with 2.4.44-r1 anyway.
In the main section I have these entries:
security tls=1
TLSProtocolMin 3.3
TLSCipherSuite HIGH:MEDIUM:!SSLv2:!SSLv3
TLSCertificateFile /etc/ssl/openldap/dannatu.ch.pem
TLSCertificateKeyFile /etc/ssl/openldap/dannatu.ch.key
TLSCACertificateFile /etc/ssl/certs/dannatuCA-cacert.pem
Have also added these entries to syncrepl now, but without any success:
tls_cert=/etc/ssl/openldap/dannatu.ch.pem
tls_key=/etc/ssl/openldap/dannatu.ch.key
tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem
Still works with 2.4.44-r1, but not with 2.4.45.
Juergen
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@symas.com] Sent: Thursday, June 22, 2017 5:12 PM To: Sprenger Jürgen, INI-ON-CIS-SDI-HES Juergen.Sprenger@swisscom.com; openldap-technical@openldap.org Subject: Re: syncrepl fails after upgrade to openldap 2.4.45
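The check Quanah is pointing at (can the consumer validate the provider's certificate with the CA it has been given?) can be run by hand before touching slapd at all. The script below is an added example, not from this thread or from the OpenLDAP project: it builds a throwaway CA and a provider certificate with openssl, then asks the same question a consumer asks when syncrepl connects over ldaps:// with tls_cacert= (or tls_cacertdir=) and tls_reqcert=demand set: does that CA validate the certificate, and does the certificate carry the hostname used in provider=? The CA names, the hostname ldap.example.test and the temporary paths are assumptions chosen for illustration, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the OpenLDAP project: build a throwaway
# CA and a provider certificate with openssl, then run the check a syncrepl
# consumer performs when it connects over ldaps:// with tls_cacert= set:
# does the CA file validate the provider's certificate, and does the
# certificate carry the hostname used in provider=?  Names, hostnames and
# paths below are assumptions chosen for illustration.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA (key + cert) at $WORK/NAME.key and $WORK/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# make_server_cert CA HOST: leaf certificate for HOST signed by CA, with a
# subjectAltName so that hostname verification can succeed (a CN alone is
# not enough for current verifiers)
make_server_cert() {
    ca="$1"; host="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$WORK/$host.key" -out "$WORK/$host.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/$host.ext"
    openssl x509 -req -in "$WORK/$host.csr" \
        -CA "$WORK/$ca.pem" -CAkey "$WORK/$ca.key" -CAcreateserial \
        -days 2 -extfile "$WORK/$host.ext" -out "$WORK/$host.pem" >/dev/null 2>&1
}

# check_provider CA_PEM SERVER_PEM HOST: prints "ok" when CA_PEM validates
# SERVER_PEM for HOST, otherwise "FAIL".  This is the consumer-side
# equivalent of tls_cacert=CA_PEM with tls_reqcert=demand against a
# provider=ldaps://HOST:636 that presents SERVER_PEM.
check_provider() {
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo FAIL
    fi
}

# Demo: the issuing CA validates the certificate; an unrelated CA does not,
# and neither does the issuing CA when the hostname in provider= differs
# from what the certificate carries.
make_ca dannatuCA
make_ca otherCA
make_server_cert dannatuCA ldap.example.test

echo "right CA, right host: $(check_provider "$WORK/dannatuCA.pem" "$WORK/ldap.example.test.pem" ldap.example.test)"
echo "wrong CA:             $(check_provider "$WORK/otherCA.pem" "$WORK/ldap.example.test.pem" ldap.example.test)"
echo "right CA, wrong host: $(check_provider "$WORK/dannatuCA.pem" "$WORK/ldap.example.test.pem" ldap-02.example.test)"

# Against a live provider the same question is asked with (not run here,
# HOST and the CA path are placeholders):
#   openssl s_client -connect HOST:636 -servername HOST \
#       -CAfile /path/to/ca.pem -verify_return_error </dev/null
```

If the "wrong CA" or "wrong host" case is what the live check reports, the fix is on the consumer side (point tls_cacert= at the CA that actually issued the provider's certificate, or make provider= use the name the certificate carries); TLSCACertificateFile in the main section only governs what slapd itself trusts as a server and is not consulted for the outbound syncrepl connection.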