[email protected] wrote:
> Full_Name: Ulrich Windl
> Version: 2.4.26
> OS: Linux (SLES11 SP2)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (132.199.152.129)
>
>
> I was able to set up a master LDAP server and a replication consumer using the
> physical host names and TLS. However when I tried to bind slapd on a virtual IP
> address ("interface alias"), I never got slapd working (even though I fixed the
> certificates for TLS, of course). Dynamic configuration ("cn=config") seems to
> make things very difficult, because slapd ends in a state where _nobody_ can
> make configuration changes.

Use the openldap-technical mailing list to ask for configuration help. You talk
about IP addresses and yet in your quoted text below you are using hostnames.
Be consistent when you post your question to the mailing list otherwise no one
will understand what you're asking for.

Closing this ITS.

> It seems slapd tried to use the wrong URI (using the physical host where nobody
> is listening):
> slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error, ldap_start_tls failed (-1)
> slapd[10036]: do_syncrepl: rid=002 rc -1 retrying
>
> slapd is listening on ldap://vhost.domain.org/ however.
>
> I read lots of procedures using Google, but could not find the solution for this
> problem. Thus I suggest to add documentation how to configure such a scenario:
>
> 1) Set up an LDAP Master server that provides service on a specific IP address
> using TLS
> 2) Set up a replication consumer that provides service on a specific IP address
> using TLS also
> 3) The replication consumer should use the address where the master server
> listens for replication
>
> It sounds like an every-day setup, but I failed multiple times, thus the request
> for documentation.
>
>

--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
