r0m5 wrote: > So I set up a PKI and now it looks OK regarding syncrepl. So I guess my > problem might > be related to ITS#8427, which I didn't see before posting here. > > I still have issues though, with applications randomly failing STARTTLS to my > consumers
Many problems like this are caused by not getting the PKI to issue correct public-key certs. Especially you should put all DNS names a LDAP client might use to connect to your LDAP server in subjectAltName extension. E.g. ITS#8427 says: "Provide the servers with TLS certificates that are correct but do not include an address used in syncrepl provider setting." What the heck does that mean?!? Ciao, Michael.
Description: S/MIME Cryptographic Signature