r0m5 wrote:
> So I set up a PKI and now it looks OK regarding syncrepl. So I guess my problem might
> be related to ITS#8427, which I didn't see before posting here.
> 
> I still have issues though, with applications randomly failing STARTTLS to my consumers

Many problems like this are caused by not getting the PKI to issue correct public-key
certs. Especially, you should put all DNS names an LDAP client might use to connect to your
LDAP server in the subjectAltName extension.

E.g. ITS#8427 says:
"Provide the servers with TLS certificates that are correct but do not include
an address used in syncrepl provider setting."
What the heck does that mean?!?

Ciao, Michael.
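
An added example, not part of the original message: a check that every host name used in client or syncrepl provider URIs is covered by the server certificate's subjectAltName entries. The SAN list, the URIs and all function names are constructed for illustration, and the matching is a simplified RFC 6125-style comparison, not OpenLDAP's own code.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN entries as they would appear in the server cert.
CERT_SAN = [
    ("DNS", "ldap1.example.com"),
    ("DNS", "*.dir.example.com"),
    ("IP", "192.0.2.10"),
]

# Constructed sample: every URI a client or syncrepl consumer is configured with.
CLIENT_URIS = [
    "ldap://ldap1.example.com:389",
    "ldap://LDAP1.example.com",        # host names compare case-insensitively
    "ldap://ldap1",                    # short name, not in the cert
    "ldap://c2.dir.example.com",       # covered by the wildcard entry
    "ldap://a.b.dir.example.com",      # wildcard spans one label only
    "ldap://192.0.2.10",               # needs an IP entry, not a DNS entry
    "ldap://192.0.2.11",
]


def dns_match(pattern, host):
    """Compare a dNSName entry with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":                    # wildcard only as the whole leftmost label
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def san_covers(san, host):
    """True if the SAN list contains an entry valid for this host or address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                 # not an IP literal: match dNSName entries
        return any(k == "DNS" and dns_match(v, host) for k, v in san)
    return any(k == "IP" and ipaddress.ip_address(v) == addr for k, v in san)


def uncovered(san, uris):
    """Return the URIs whose host part the certificate does not cover."""
    return [u for u in uris if not san_covers(san, urlsplit(u).hostname)]


if __name__ == "__main__":
    for uri in uncovered(CERT_SAN, CLIENT_URIS):
        print("not covered by subjectAltName:", uri)
```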
