Issue #328 has been reported by Nick Milas.

----------------------------------------
Bug #328: Syncrepl fails with v2.4.26 when TLS is used
http://tools.lsc-project.org/issues/328

Author: Nick Milas
Status: New
Priority: Normal
Assigned to:
Category:
Target version:

Hello,

I have just installed openldap v2.4.26 (for which I thank you very much).

I have this problem:

When syncrepl is used *without* TLS/SSL, it works fine. However, when syncrepl is used with TLS/SSL it fails with message: ldap_sasl_bind_s failed

<pre>
Jul 19 12:28:34 dns2 slapd[18543]: [INFO] Using /etc/default/slapd for configuration
Jul 19 12:28:34 dns2 slapd[18548]: [INFO] Launching OpenLDAP configuration test...
Jul 19 12:28:34 dns2 slapd[18571]: [OK] OpenLDAP configuration test successful
Jul 19 12:28:34 dns2 slapd[18572]: [INFO] Launching OpenLDAP replication...
Jul 19 12:28:34 dns2 slapd[18573]: [INFO] no replica found in configuration, aborting lauching slurpd
Jul 19 12:28:34 dns2 slapd[18574]: [INFO] no db_recover done
Jul 19 12:28:34 dns2 slapd[18575]: [INFO] Launching OpenLDAP...
Jul 19 12:28:34 dns2 slapd[18576]: [OK] file descriptor limit set to 1024
Jul 19 12:28:34 dns2 slapd[18577]: @(#) $OpenLDAP: slapd 2.4.26 (Jul 18 2011 12:35:41) $ [email protected]:/home/clement/build/BUILD/openldap-2.4.26/servers/slapd
Jul 19 12:28:34 dns2 slapd[18578]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jul 19 12:28:34 dns2 slapd[18578]: slapd starting
Jul 19 12:28:34 dns2 slapd[18578]: slap_client_connect: URI=ldaps://ldap.noa.gr:636 DN="uid=dnsauth,ou=system,dc=noa,dc=gr" ldap_sasl_bind_s failed (-1)
Jul 19 12:28:34 dns2 slapd[18578]: do_syncrepl: rid=333 rc -1 retrying
Jul 19 12:28:35 dns2 slapd[18583]: [OK] OpenLDAP started on port 389 and 636
</pre>

Here is the configuration:

<pre>
syncrepl rid=333
    provider=ldaps://ldap.noa.gr:636
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=noa,dc=gr"
    schemachecking=off
    bindmethod=simple
    binddn="uid=dnsauth,ou=System,dc=noa,dc=gr"
    credentials="secret"
</pre>

Yet, ldapsearch (from the consumer to the provider) over TLS/SSL is successful:

<pre>
[root@dns2 openldap]# /usr/local/openldap/bin/ldapsearch -x -v -ZZ -D "uid=dnsauth,ou=System,dc=noa,dc=gr" -W -H ldap://ldap.noa.gr -s sub -b "dc=noa,dc=gr" record=195.251.202.63 dn
ldap_initialize( ldap://ldap.noa.gr:389/??base )
Enter LDAP Password:
filter: arecord=195.251.202.63
requesting: dn
# extended LDIF
#
# LDAPv3
# base <dc=noa,dc=gr> with scope subtree
# filter: arecord=195.251.202.63
# requesting: dn
#

# nmilas1.astro, noa.gr, dns1, noa.gr
dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
</pre>

and:

<pre>
[root@dns2 openldap]# /usr/local/openldap/bin/ldapsearch -x -v -D "uid=dnsauth,ou=System,dc=noa,dc=gr" -W -H ldaps://ldap.noa.gr:636 -s sub -b "dc=noa,dc=gr" arecord=195.251.202.63 dn
ldap_initialize( ldaps://ldap.noa.gr:636/??base )
Enter LDAP Password:
filter: arecord=195.251.202.63
requesting: dn
# extended LDIF
#
# LDAPv3
# base <dc=noa,dc=gr> with scope subtree
# filter: arecord=195.251.202.63
# requesting: dn
#

# nmilas1.astro, noa.gr, dns1, noa.gr
dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
</pre>

What may be the cause of the problem?

Thanks,
Nick
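
Added example (not part of the original report and not the project's code): a small triage helper for the two consumer log lines quoted in the report. It pairs each `slap_client_connect` failure with the `do_syncrepl` retry that follows and decodes the result code. In OpenLDAP's `ldap.h`, -1 is `LDAP_SERVER_DOWN`, a client-side connection or TLS failure, while 49 is `LDAP_INVALID_CREDENTIALS`. The function name `triage` and the rid=334 sample lines are constructed for illustration.

```python
import re

# Result codes as defined in OpenLDAP's ldap.h (negative values are client-side).
RC_MEANING = {
    -1: "LDAP_SERVER_DOWN: connection or TLS handshake failed, no bind reached the provider",
    49: "LDAP_INVALID_CREDENTIALS: provider rejected the bind DN or password",
}

CONNECT_RE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: slap_client_connect: URI=(?P<uri>\S+) '
    r'DN="(?P<dn>[^"]*)" ldap_sasl_bind_s failed \((?P<rc>-?\d+)\)')
RETRY_RE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>-?\d+)')

def triage(lines):
    """Pair each failed consumer bind with the do_syncrepl line that follows it."""
    findings, pending = [], {}
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            pending[m["pid"]] = m          # remember the failure per slapd process
            continue
        m = RETRY_RE.search(line)
        if m and m["pid"] in pending:
            c = pending.pop(m["pid"])
            rc = int(c["rc"])
            findings.append({
                "rid": int(m["rid"]),
                "uri": c["uri"],
                "dn": c["dn"],
                "rc": rc,
                "tls": c["uri"].startswith("ldaps://"),
                "meaning": RC_MEANING.get(rc, "unlisted code, see ldap.h"),
            })
    return findings

# First two lines are copied from the log in the report; the last two are
# constructed (rid=334, rc 49) to show how a rejected password would differ.
SAMPLE = [
    'Jul 19 12:28:34 dns2 slapd[18578]: slap_client_connect: URI=ldaps://ldap.noa.gr:636 DN="uid=dnsauth,ou=system,dc=noa,dc=gr" ldap_sasl_bind_s failed (-1)',
    'Jul 19 12:28:34 dns2 slapd[18578]: do_syncrepl: rid=333 rc -1 retrying',
    'Jul 19 12:30:00 dns2 slapd[18578]: slap_client_connect: URI=ldap://ldap.example.org:389 DN="uid=repl,dc=example,dc=org" ldap_sasl_bind_s failed (49)',
    'Jul 19 12:30:00 dns2 slapd[18578]: do_syncrepl: rid=334 rc 49 retrying',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'rid={f["rid"]} uri={f["uri"]} rc={f["rc"]} -> {f["meaning"]}')
```

For rid=333 the decoded code points at the transport or TLS layer rather than at the bind DN or password, which is where triage of this kind of failure should start.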
