I also have tried specifying chain-tls:

overlay chain
chain-uri "ldap://masterldap.example.com:5389"
chain-idassert-bind bindmethod="simple"
                    binddn="cn=Manager,dc=example,dc=com"
                    credentials="secret"
                    mode="self"
chain-return-error TRUE
chain-tls start tls-cacert="/path/to/my/CA/cert.pem"

but I get the same error. I have verified the validity of the certificates.
Searching in the web, I got a posting of the same problem in a German forum last April. Unfortunately, no solution.

Does anybody know if the chaining overlay works with TLS? I got syncrepl working, but the chaining overlay I can only make it work using a non-secure connection.

-Jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge Medina
Sent: Tuesday, July 01, 2008 5:22 PM
To: [email protected]
Subject: FW: Chaining

I mean, I get "TLS negotiation failure" on the syslog when attempting to change an attribute on an entry when using the slave server.

-----Original Message-----
From: Jorge Medina
Sent: Tuesday, July 01, 2008 5:08 PM
To: [email protected]
Subject: RE: Chaining

I am trying to create a master-slave replication with chaining overlay enabled in the slave to redirect write requests to the master.
I have it working using ldap:// but I have not been able to configure the chain overlay using a secure connection ldaps:// (running on port 5636 on the master).
My master server does not require client certificates. I added the following lines:

overlay chain
chain-uri "ldaps://masterldap.example.com:5636"
chain-idassert-bind bindmethod="simple"
                    binddn="cn=Manager,dc=example,dc=com"
                    credentials="secret"
                    mode="self"
                    tls_cacert="/path/to/my/CA/cert.pem"
chain-return-error TRUE

But I get "TLS negotiation failure" on the syslog.

I am using ldaps:// for replication, but I can't configure it for chaining.
Any hints?

-----Original Message-----
From: Gavin Henry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2008 3:55 AM
To: Jorge Medina
Cc: [email protected]
Subject: Re: Chaining

<quote who="Jorge Medina">
> One more question, this time on the chaining overlay.
>
> "What is chaining? It indicates the capability of a DSA to follow
> referrals on behalf of the client, so that distributed systems are
> viewed as a single virtual DSA by clients that are otherwise unable to
> "chase" (i.e. follow) referrals by themselves."
>
> In the example shown at
> http://www.openldap.org/doc/admin24/overlays.html#Chaining
>
> Is the chaining overlay example used to forward write
> requests from the syncrepl slaves to the master server?
>

Yes, correct.

--
Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered number: SC258005.
Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP.
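
Added example, not part of the thread and not OpenLDAP code: a small Python check that reads a slapd.conf chain block like the ones quoted above and reports whether the chain-idassert-bind simple-bind credentials would travel to the master unencrypted. It inspects only the chain-uri scheme and the chain-tls mode (semantics as documented in slapd-ldap(5)); the function names, verdict strings and the PLAIN sample are assumptions made for this example.

```python
import re

# Constructed sample: the thread's ldap:// chain block with no chain-tls line.
PLAIN = '''overlay chain
chain-uri "ldap://masterldap.example.com:5389"
chain-idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=example,dc=com"
    credentials="secret" mode="self"
chain-return-error TRUE
'''

def directives(conf):
    """Yield (name, args) per logical line; an indented line continues the previous one."""
    logical = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit_chain(conf):
    """Return [(uri, verdict)] for each chain-uri target found in conf."""
    targets = []
    for name, args in directives(conf):
        if name == "chain-uri":
            targets.append({"uri": args.strip('"'), "tls": "", "simple": False})
        elif targets and name == "chain-tls" and args:
            targets[-1]["tls"] = args.split()[0].lower()
        elif targets and name == "chain-idassert-bind":
            targets[-1]["simple"] = bool(
                re.search(r'bindmethod="?simple', args) and "credentials=" in args)
    results = []
    for t in targets:
        if t["uri"].lower().startswith("ldaps://") or t["tls"] == "ldaps":
            verdict = "tls-on-connect"
        elif t["tls"] == "start":
            verdict = "starttls-required"        # connection fails if StartTLS fails
        elif t["tls"] in ("try-start", "propagate", "try-propagate"):
            verdict = "starttls-conditional"     # may continue without TLS
        else:
            verdict = "cleartext-credentials" if t["simple"] else "cleartext"
        results.append((t["uri"], verdict))
    return results

if __name__ == "__main__":
    print(audit_chain(PLAIN))
```

A "cleartext-credentials" verdict corresponds to the non-secure setup the thread describes as working: the Manager DN and password are sent to the master without transport encryption on every chained write.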
