Hello,

I am trying to use replication with slurpd, using TLS to secure access to the replicas.

1) On the master, slapd.conf contains this:

    database bdb
    suffix "dc=example,dc=net"
    directory /var/openldap/openldap-data
    replogfile /var/log/ldap/ldap.replog
    replica uri=ldaps://ldap1.example.net bindmethod=sasl saslmech=EXTERNAL

I have a slurpd pseudo-user, with a .ldaprc file:

    SASL_MECH EXTERNAL
    TLS_CACERT /etc/openssl/certs/ca.crt
    TLS_KEY /usr/pkg/etc/openldap/slurpd/etc/openssl/slurpd.key
    TLS_CERT /usr/pkg/etc/openldap/slurpd/etc/openssl/slurpd.crt

2) On the slave, slapd.conf contains:

    suffix "dc=example,dc=net"
    directory /var/openldap/openldap-data
    updatedn "email=...,cn=slurpd,ou=....,o=...,st=...,c=..."
    updateref ldap://ldap0.example.net
    access to *
        by dn.exact="email=...,cn=slurpd,ou=....,o=...,st=...,c=..."
        by * none

updatedn is the information I have in slurpd's certificate.

When I update the master, slurpd sees the modification and attempts to propagate it to the slave, but it fails:

    Error: ldap_modify_s failed modifying DN "cn=foo,dc=example,dc=net": shadow context; no update referral

On the slave, the error is:

    conn=19 op=7 RESULT tag=103 err=10 text=

I found in <ldap.h> that this err=10 is

    #define LDAP_REFERRAL 0x0a /* LDAPv3 */

But it does not help me fix the problem. What is wrong?

-- 
Emmanuel Dreyfus
[EMAIL PROTECTED]
