Hi! I have a related question: I replaced our certificate with a refreshed one (keeping the key and filename). Does OpenLDAP cache the certificate, or does it read it anew every time it's needed (i.e.: do I have to restart the server?)? I'm using cn=config, just in case.
Kind regards, Ulrich Windl > -----Original Message----- > From: [email protected] <[email protected]> > Sent: Wednesday, May 13, 2026 7:32 PM > To: [email protected] > Subject: [EXT] issue with new cert (now using CN = InCommon RSA OV SSL CA > 3) > > At the moment, I still update LDAP certificates by hand. All previous certs > used "C = US, O = Internet2, CN = InCommon RSA Server CA 2" but on May > 4th, moved to "C = US, O = "InCommon, LLC", CN = InCommon RSA OV SSL CA > 3". I had to generate a new cert after that date... so I added in the new CA > certs into my CACert file on both ends. But replication is failing with the > new > cert, works fine with the old cert: > > May 13 13:26:21 HOSTNAME slapd[4076661]: slap_client_connect: > URI=ldap://master_vip_name/ ldap_sasl_interactive_bind_s failed (-1) > May 13 13:26:21 HOSTNAME slapd[4076661]: do_syncrepl: rid=101 rc -1 > retrying > > Tried changing tls_reqcert to never in ldap.conf and in the syncrepl and that > didn't change anything. If I move back to the old cert (expires tomorrow) > replication works again so probably not a password issue. > > Any suggestions for debugging this further? > > thanks, > ds
