Thank you, this information helped.
I have found related bugs:
FreeIPA: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786411
OpenLDAP switch to NSS:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725153
389ds ticket: https://fedorahosted.org/389/ticket/47536
It doesn't seem there's some fu
Filip Pytloun wrote:
> I am using Ubuntu 16.04 (Xenial), there's no /etc/openldap
That's the problem right there. I don't believe Ubuntu supports setting
up replication agreements yet due to gnutls vs NSS issues. An effort is
being made upstream to eliminate the need for TLS during agreement setup
I am using Ubuntu 16.04 (Xenial), there's no /etc/openldap
Here's the complete debug log of the replica install:
http://pastebin.com/38zi5MWd
Now I noticed the following; I don't know if it can directly relate to this issue:
ipa : DEBUGstderr=ldap_initialize(
ldap://idm02.tcpcloud.eu:389/??base )
On 02/12/2016 06:22 PM, Filip Pytloun wrote:
Following is in /etc/ldap/ldap.conf on both servers (only URI differs):
What is your OS? Do you also have a /etc/openldap/ldap.conf?
ldapsearch and the replication connection should use the same openldap
libraries and so it is strange that -ZZ works
Following is in /etc/ldap/ldap.conf on both servers (only URI differs):
TLS_CACERT /etc/ipa/ca.crt
TLS_REQCERT allow
URI ldaps://idm02.tcpcloud.eu
BASE dc=tcpcloud,dc=eu
As ldapsearch is passing just fine on both nodes, I don't suppose
ldap.conf is wrong.
I also tried to set TLS_REQCERT to allow
On 02/12/2016 03:35 PM, Filip Pytloun wrote:
It's the same as for idm01:
[12/Feb/2016:15:24:26 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm01.tcpcloud.eu" (idm01:389): Replication bind with SIMPLE auth
failed: LDAP error -11 (Connect error) ((unknown error code))
[12/Feb/2016:15:24:27 +010
It's the same as for idm01:
[12/Feb/2016:15:24:26 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm01.tcpcloud.eu" (idm01:389): Replication bind with SIMPLE auth
failed: LDAP error -11 (Connect error) ((unknown error code))
[12/Feb/2016:15:24:27 +0100] slapi_ldap_bind - Error: could not send start
On 02/12/2016 03:06 PM, Filip Pytloun wrote:
Hello,
even when enabling replication logging, I get nothing useful in logs:
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Trying secure startTLS
slapi_ldap_init_ext
[12/Feb/2016:14:57:00 +0100]
Hello,
even when enabling replication logging, I get nothing useful in logs:
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Trying secure startTLS
slapi_ldap_init_ext
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm02.tcpc