On 2017-06-02 17:46, r0m5 wrote:

> On 2017-06-02 16:55, Quanah Gibson-Mount wrote:
> --On Friday, June 02, 2017 11:01 AM +0200 r0m5 <r...@r0m5.eu> wrote:
> Hello,
> I am facing an issue with syncrepl and STARTTLS on 389 port. The kind of
> problem happening only sometimes, and disappearing "by itself". I use
> Debian Jessie, OpenLDAP 2.4.40+dfsg-1+deb8u2. 
> 2.4.40 is 2.5 years old, 5 point releases behind, and had significant known 
> replication issues.  I believe there is a build of 2.4.44 in backports for 
> Jessie.  I would advise using that instead.
> As far as debug logging, you would need to use "-d -1" to slapd, rather than 
> attempting to set the loglevel to -1, as some debug logging is only possible 
> via the slapd daemon.  But your first step is to move to a current release.
> --Quanah
> --
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

Hello!

Thanks for your reply. I just upgraded the preproduction environment
provider and consumers to the jessie-backports version. I will check the
prod to preprod injections during the next days then let you know. 

Have a good weekend!

Hello!

I upgraded to 2.4.44 but still had problems (less, though). So I used
"-d -1" with slapd instead of olcLoglevel as you said then I noticed
there was a problem with certificate validation even with using demand
or allow for TLS reqcert in olcSyncrepl and in /etc/ldap/ldap.conf. I
was at that time using self-signed certificates. 

So I set up a PKI and now it looks OK regarding syncrepl. So I guess my
problem might be related to ITS#8427, which I didn't see before posting.

I still have issues though, with applications randomly failing STARTTLS
to my consumers :-( 