Mmmm.. the fact is that is *in the consumer* that I had to disable ldaps, not on the provider, the provider is now supporting ldap and ldaps; if I enable ldaps in the consumer, replication does not start, even when specifying provider=ldap://provider-host:389.. One more thing that results strange to me is that if I put a wrong configuration under syncrepl on the consumer, the server does not start and logs some messages, but If the configuration is fine, the server starts but the replication does not, and nothing gets logged, in the consumer nor in the provider.. thanks!
2013/2/6 Quanah Gibson-Mount <[email protected]> > --On Wednesday, February 06, 2013 6:33 PM -0200 paler cryptkeeper < > [email protected]> wrote: > > >> Hi. >> >> Today I had to set up two OpenLDAP instances (2.4.33), with delta >> replication under SSL/TLS, something pretty common, I think. >> The installation (from source), initializing and TLS support setup went >> fine, and both, provider and consumer, started up without problems, and >> searches did well on both, with ldapd and ldaps. However, the replication >> never started. After a while (almost 2.5 hours!! and so many slapd.conf >> files..) I tried to start the consumer without ldaps support, only ldap, >> and the replication started perfectly! Is this normal? Could be something >> with the config? The only thing that changed between a not working state >> and a working one was that if 'slapd -d 256 -h "ldap:/// ldaps:///"' was >> used, replication didn't start, and with only 'slapd -d 256' the >> replication started normally.. I repeat that with the first option, >> beside replication, everything else worked fine, even searches using >> ldaps.. >> It's something I could not explain to or customer.. can someone explain >> it to me? :) >> Thanks! >> > > Likely it couldn't negotiate the SSL connection. I would guess you failed > to set the cert options in the syncrepl line. Since you provide no detail > into your configuration, all I can do is guess. > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > -- Cuando crees que ya has llegado al piso y que no puedes caer mas bajo, descubres que hay un subsuelo...
