Hello, tls_reqcert=never is necessary for the replication. If it is not defined, I get an error.
The weird thing is that I do have the same configuration on another host, running Debian Lenny with slapd version 2.4.23-3, and I don't have to define this parameter. The server on which I report the error is running 2.4.23-7 on Squeeze. Is there any way to explain this difference?

Regards,
Hugo

On 17 October 2011 04:27, Quanah Gibson-Mount <[email protected]> wrote:
> --On Sunday, October 16, 2011 12:51 AM -0700 Howard Chu <[email protected]> wrote:
>
>> Quanah Gibson-Mount wrote:
>>>
>>> --On October 13, 2011 10:43:55 AM -0700 Josh Miller <[email protected]> wrote:
>>>
>>>> On Oct 13, 2011, at 10:29 AM, Quanah Gibson-Mount wrote:
>>>>>
>>>>> I don't see any of the tls_* options to the syncrepl configuration
>>>>> here. Likely the syncrepl client is unable to verify the master's
>>>>> cert. I would note that using refreshOnly is ill-advised.
>>>>
>>>> Hi Quanah,
>>>>
>>>> Why is RefreshOnly ill-advised? That is the recommendation in the docs
>>>> (very timely as I just set this up again myself).
>>>>
>>>> re: http://www.openldap.org/doc/admin24/replication.html
>>>
>>> The admin guide has examples, not recommendations. In any case, I fully
>>> intend to change those examples to be refreshAndPersist so people stop
>>> defaulting to refreshOnly. It is not always reliable, and you
>>> significantly delay your replication by using it.
>>
>> Of course, it may be the only thing that works reliably if you have a
>> firewall that silently kills old connections.
>>
>> The examples should stand as-is. We cannot predict what environment it's
>> going to be deployed in. It's up to administrators to use their brains
>> and know these details of their network.
>
> I think at the least we should document both. Virtually everyone takes the
> admin guide verbatim without comprehending what it is they are doing. Giving
> them two options would hopefully at least make them have to consider why
> there are multiple options.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
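
Added example, not part of the original thread and not OpenLDAP project code: a small Python check that reads `syncrepl` directives from a slapd.conf-style file and reports the TLS settings discussed in this message (`tls_reqcert=never` or `allow`, non-critical StartTLS, or no TLS at all). The sample configuration, host names, DNs and file paths are constructed placeholders.

```python
import shlex

# Constructed slapd.conf fragment; hosts, DNs and paths are placeholders.
SAMPLE_CONF = '''\
# consumer side
syncrepl rid=001
  provider=ldaps://master.example.com
  type=refreshOnly
  searchbase="dc=example,dc=com"
  tls_reqcert=never
syncrepl rid=002
  provider=ldap://master.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  starttls=critical
  tls_cacert=/etc/ldap/ca.pem
  tls_reqcert=demand
syncrepl rid=003 provider=ldap://master.example.com starttls=yes
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        elif raw.strip():
            joined.append(raw.strip())
    return [line for line in joined if not line.startswith("#")]

def audit_syncrepl(text):
    """Map each syncrepl rid to a list of TLS findings (empty list = none)."""
    report = {}
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() != "syncrepl":
            continue
        opts = {k.lower(): v for k, v in (w.split("=", 1) for w in words[1:] if "=" in w)}
        findings = []
        ldaps = opts.get("provider", "").lower().startswith("ldaps://")
        starttls = opts.get("starttls", "").lower()
        if not ldaps and not starttls:
            findings.append("no TLS: bind credentials and data cross the network in clear")
        if not ldaps and starttls == "yes":
            findings.append("starttls=yes: session continues without TLS if StartTLS fails")
        if opts.get("tls_reqcert", "").lower() in ("never", "allow"):
            findings.append("tls_reqcert=%s: an invalid provider certificate is accepted" % opts["tls_reqcert"])
        report[opts.get("rid", "?")] = findings
    return report
```

Calling `audit_syncrepl(SAMPLE_CONF)` returns one finding for rid 001 (the `tls_reqcert=never` case from this thread), none for rid 002, and the StartTLS fallback finding for rid 003.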
