Actually... I had a typo in my ldap.conf and that's why openldap syncrepl failed. "TLS_REQERT never", missing letter C. Very embarrassing. End of offtopic.

On Fri, Aug 5, 2011 at 12:11, Ander Punnar <[email protected]> wrote:
> 2011/8/4 <[email protected]>
>
>> I have installed SAMBA + OpenLDAP + TLS successfully with the debian
>> packages. There is no need to rebuild openldap from scratch.
>> My config :
>>
>> Debian Squeeze amd64
>> OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57)
>> Samba v3.5.6
>> OpenSSL 0.9.8o 01 Jun 2010
>>
>
> http://packages.debian.org/squeeze/slapd
>
> Depends: libgnutls26
>
> When you are trying to do syncrepl with starttls or ldaps://
> between 2 Debian boxes and use self-signed certs, then it doesn't work.
> When you are using LDAP-client compiled with OpenSSL, then it works,
> because client tries to verify certs, not server and OpenSSL is more sane
> when it comes to self-signed certs.
>
> Yes, I tried that CA.pl/sh script to create own CA,
> debugged with gnutls utils and did lots of other stuff and every time I got
> verification errors.
>
> But this problem is OpenLDAP (debian package) related, not Samba.
>
> --
> Sent from my PC.

--
Sent from my PC.
