On Thursday 06 December 2007 16:50:16 Cristian Laufer wrote: > Hello Quanah, > > sorry, I am actually using: > > provider=ldap://192.168.0.7:389 > > Would that be ok to use? > > Cristian > > Quanah Gibson-Mount schrieb: > > --On December 5, 2007 3:17:01 PM +0100 Cristian Laufer > > > > <[EMAIL PROTECTED]> wrote: > >> Hello All, > >> syncrepl rid=123 > >> starttls=yes > >> provider=ldap://ldapmaster:389 > > > > TLS generally required FQDN's. Fix your provider URL.
The name you provide to the software must match the subject CN on the cert. However, instead of guessing, why don't you rather do an ldapsearch, exactly as your syncrepl is configured, with SSL enabled etc., until you can get ldapsearch to accept the cert. I haven't tried a subjectCN of an IP, but I suspect that wouldn't work, you would rather use a subjectAlternateName=IP:192.168.0.7 ... but you should rather just use a hostname (entry in /etc/hosts if necessary to get it to the right IP) that matches the subjectCN on the cert. Regards, Buchan
