----- "Gémes Géza" <[EMAIL PROTECTED]> wrote:
> Hi everyone!
>
> I've set up two test ldap servers (2.4.10) with multimaster replication.
> With simple binds it is working well.
> I've set up a client certificate (everything CA signed, no self-signing ;-) )
> to use with SASL/EXTERNAL authentication.
> Using olcAuthzRegexp I've mapped it to the rootdn of the cn=config backend,
> set up an .ldaprc file and with:
>
> su -c '/usr/bin/ldapwhoami' openldap -s /bin/sh
>
> (I'm running slapd as openldap user and group)
> I get:
>
> SASL/EXTERNAL authentication started
> SASL username: cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
> SASL SSF: 0
> dn:cn=config
>
> just like expected (ldapsearch and friends are also working on both sides and cross).
> Just to be sure I've exported the LDAPCONF variable in the slapd startup script.
> But syncrepl doesn't work!
> In the logs (olcLogLevel=-1):
>
> slap_client_connect: URI=ldaps://first-or-second-ldap-server
> ldap_sasl_interactive_bind_s failed (-6)
> connection_read(20): unable to get TLS client DN, error=49 id=23
Are you trying to StartTLS on an SSL (ldaps://) connection? That won't work.

--
Kind Regards,

Gavin Henry.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
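For reference, here is the shape of the two cn=config entries involved in the setup Géza describes, written as an added example rather than configuration taken from the thread. The olcAuthzRegexp maps the certificate subject DN that ldapwhoami printed to cn=config, and the consumer's olcSyncrepl binds with SASL/EXTERNAL over an ldaps:// provider with no starttls= keyword, which is the combination Gavin's reply is pointing at. The provider hostname, rid value and certificate file paths are placeholders; the client DN and the cn=config mapping target come from the thread.

```ldif
# Added example (not from the thread). Placeholders: ldap-provider.example.com,
# rid=001 and the /etc/ldap/ssl/* paths.

# 1. Provider side (global cn=config entry): map the certificate subject DN,
#    exactly as ldapwhoami reported it as "SASL username", onto the config
#    rootdn. slapd compiles olcAuthzRegexp with REG_ICASE, so attribute-type
#    case in the DN does not matter, but the whole DN must match.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: "^cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU$" "cn=config"

# 2. Consumer side: ldaps:// is already TLS from the first byte, so there is
#    no starttls= keyword here. The client certificate is named with
#    tls_cert/tls_key so slapd itself presents it; the key file must be
#    readable by the user slapd runs as (openldap in the thread) and by nobody
#    else.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldaps://ldap-provider.example.com
  searchbase="cn=config"
  type=refreshAndPersist
  retry="5 5 300 +"
  bindmethod=sasl
  saslmech=EXTERNAL
  tls_cert=/etc/ldap/ssl/syncrepl-client.crt
  tls_key=/etc/ldap/ssl/syncrepl-client.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_reqcert=demand

# 3. The StartTLS form, for comparison: a plain ldap:// URI paired with
#    starttls=critical. Pairing starttls=critical with an ldaps:// provider is
#    the mismatch the reply asks about; pick one of the two forms, not both.
#  provider=ldap://ldap-provider.example.com
#  starttls=critical
```

The continuation lines beginning with two spaces are standard LDIF folding (the first space is stripped, the second survives as the separator), so the whole olcSyncrepl value is one line to slapd. On a multi-master pair each server carries its own olcSyncrepl with a distinct rid, the config database needs olcMirrorMode: TRUE, and the syncprov overlay must be configured on the provider's config database; with olcLogLevel=-1 a successful EXTERNAL bind shows up in the consumer log as the same "dn:cn=config" identity that ldapwhoami reported.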