Howard Chu wrote:
> Gémes Géza wrote:
>> Gavin Henry wrote:
>>> ----- "Gémes Géza"<[EMAIL PROTECTED]> wrote:
>>>> dn:cn=config
>>>> just like expected (ldapsearch and friends are also working on both
>>>> sides and cross).
>>>> Just to be sure I've exported the LDAPCONF variable in the slapd
>>>> startup script.
>>>> But syncrepl doesn't work!
>
> slapd no longer reads any external LDAP configuration files. The TLS
> options must be added to the syncrepl config statement. Read the
> slapd.conf(5) manpage.

Many thanks, now it works like a charm!

>
>>>> On the logs (olcLogLevel=-1):
>>>> slap_client_connect: URI=ldaps://first-or-second-ldap-server
>>>> ldap_sasl_interactive_bind_s failed (-6)
>>>> connection_read(20): unable to get TLS client DN, error=49 id=23
>>>>
>>> Are you trying to StartTLS on an SSL (ldaps://) connection? That
>>> won't work.
>>>
>> However a simple ldapwhoami or ldapsearch works. The ldaprc used is:
>>
>> BASE dc=kzsdabas,dc=hu
>> URI ldaps://first-ldap-server ldaps://second-ldap-server
>> TLS_CACERT /etc/ssl/certs/ca.crt
>> TLS_CERT /etc/ldap/syncrepl.crt
>> TLS_KEY /etc/ldap/syncrepl.key
>> TLS_REQCERT demand
>> SASL_MECH external
>> SASL_AUTHCID cn=LDAP Syncrepl Client,ou=LDAP Server,o=Kossuth Zsuzsanna SZKI,l=Dabas,st=Pest,c=HU
>>
>> Just to be sure now I've tried to change the providers to ldap://...,
>> but without luck. Now it just reports in the logs:
>>
>> slap_client_connect: URI=ldaps://first-or-second-ldap-server
>> ldap_sasl_interactive_bind_s failed (-6)
>>
>> Thanks for any idea.
>>
>> Geza
>>
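
The fix described in this thread, shown as an added example that is not part of the original messages: the TLS and SASL settings from the quoted ldaprc carried into the syncrepl statement itself. The `rid`, `type` and `retry` values are assumptions; the provider, search base and file paths are the ones from the ldaprc above.

```conf
# slapd.conf on the consumer.
# slapd does not read ldaprc, ldap.conf or LDAPCONF for its own outbound
# connections, so everything the replication client needs is given here.
# rid, type and retry below are assumed values for illustration.
syncrepl rid=001
  provider=ldaps://first-ldap-server
  searchbase="dc=kzsdabas,dc=hu"
  type=refreshAndPersist
  retry="60 +"
  bindmethod=sasl
  saslmech=EXTERNAL
  tls_cacert=/etc/ssl/certs/ca.crt
  tls_cert=/etc/ldap/syncrepl.crt
  tls_key=/etc/ldap/syncrepl.key
  tls_reqcert=demand
```

With cn=config the same parameters go into the `olcSyncrepl` value on the database entry. The key file named in `tls_key` must be readable by the account slapd runs as, and by no one else.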