-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > overlay chain > chain-uri "ldaps://server.group" > chain-rebind-as-user TRUE > chain-idassert-bind bindmethod=sasl > saslmech=EXTERNAL > binddn="cn=whatever" > tls_cert=/etc/ldap/ssl/replicator-cert.pem > tls_key=/etc/ldap/ssl/replicator-key.pem > tls_cacert=/etc/ssl/certs/mgoc-cacert.pem > tls_reqcert=demand > mode=self > chain-idassert-authzFrom "*" > chain-return-error TRUE
Is slapd listening on ldaps? Why not starttls=yes/critical like below? > [2] > syncrepl rid=245 > provider=ldap://server.group > type=refreshAndPersist > searchbase="dc=server,dc=group" > filter="(objectClass=*)" > scope=sub > schemachecking=off > bindmethod=sasl > saslmech=EXTERNAL > starttls=yes > tls_cert=/etc/ldap/ssl/replicator-cert.pem > tls_key=/etc/ldap/ssl/replicator-key.pem > tls_reqcert=allow > retry="10 20 60 +" > logbase="cn=accesslog" > logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" > syncdata=accesslog > > -- > > Greek Ordono > > myppa: launchpad.net/~grexk/+archive/ppa > > > - -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E [email protected] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpWYfgACgkQoJwyzoTgQhTaIgCfU0vFRkoDrYCP8edFLJsERL26 hNcAoJN0JpnZHOmxQ3D6re/G1Ndr6A+s =caYf -----END PGP SIGNATURE-----
