On 2017-06-02 17:46, r0m5 wrote:
> On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
> --On Friday, June 02, 2017 11:01 AM +0200 r0m5 <r...@r0m5.eu> wrote:
> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
> problem happening only sometimes, and disappearing "by itself". I use
> Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2.
> 2.4.40 is 2.5 years old, 5 point releases behind, and had significant known
> replication issues. I believe there is a build of 2.4.44 in backports for
> Jessie. I would advise using that instead.
> As far as debug logging, you would need to use "-d -1" to slapd, rather than
> attempting to set the loglevel to -1, as some debug logging is only possible
> via the slapd daemon. But your first step is to move to a current release.
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
Thanks for your reply. I just upgraded the preproduction environment
provider and consumers to the jessie-backports version. I will check the
prod to preprod injections during the next days then let you know.
Have a good weekend!
I upgraded to 2.4.44 but still had problems (less, though). So I used
"-d -1" with slapd instead of olcLoglevel as you said then I noticed
there was a problem with certificate validation even with using demand
or allow for TLS reqcert in olcSyncrepl and in /etc/ldap/ldap.conf. I
was at that time using self-signed certificates.
So I set up a PKI and now it looks OK regarding syncrepl. So I guess my
problem might be related to ITS#8427, which I didn't see before posting.
I still have issues though, with applications randomly failing STARTTLS
to my consumers :-(
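
A check related to the syncrepl TLS settings discussed in this thread, as an added example that is not part of the original messages: it reads a cn=config LDIF export (for instance from `slapcat -n 0`) and flags `olcSyncrepl` values where StartTLS is not `critical` or `tls_reqcert` is weaker than `demand`. The function names, host names and sample LDIF are constructed for illustration, and base64-encoded (`olcSyncrepl::`) values are not handled.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in olcSyncrepl values of a cn=config LDIF.
# Reads LDIF on stdin, prints one finding per line, returns 1 if anything was found.
audit_syncrepl() {
    awk '
    # Value of key=value or key="value" inside one syncrepl string ("" if unset).
    function get(s, key,    v) {
        if (!match(" " s, "[ \t]" key "=(\"[^\"]*\"|[^ \t]*)")) return ""
        v = substr(" " s, RSTART + 1, RLENGTH - 1)
        sub("^" key "=", "", v)
        gsub(/"/, "", v)
        return v
    }
    function check(s,    rid, req) {
        sub(/^olcSyncrepl:[ ]*([{][0-9]+[}])?/, "", s)
        rid = get(s, "rid"); req = get(s, "tls_reqcert")
        # Without starttls=critical a failed StartTLS leaves the session in cleartext.
        if (get(s, "provider") !~ /^ldaps:/ && get(s, "starttls") != "critical") {
            print "rid=" rid ": starttls is not critical"; bad++
        }
        # Unset tls_reqcert means demand; never/allow/try do not strictly
        # require a valid provider certificate.
        if (req != "" && req != "demand" && req != "hard") {
            print "rid=" rid ": tls_reqcert=" req; bad++
        }
    }
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / { line = line substr($0, 2); next }
    { if (line ~ /^olcSyncrepl:/) check(line); line = $0 }
    END { if (line ~ /^olcSyncrepl:/) check(line); exit (bad > 0) }
    '
}

# Constructed sample input (not taken from the thread): rid=001 is weak, rid=002 is strict.
sample_config() {
    cat <<'EOF'
dn: olcDatabase={1}mdb,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://provider.example.com:389 starttls=yes
  tls_reqcert=allow searchbase="dc=example,dc=com" type=refreshAndPersist
olcSyncrepl: {1}rid=002 provider=ldap://provider.example.com:389
  starttls=critical tls_reqcert=demand tls_cacert=/etc/ldap/ca.pem
EOF
}
```

Run it as `sample_config | audit_syncrepl` to see the two findings for rid=001; a non-zero exit status makes it usable in a configuration check job.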