[Pkg-openldap-devel] Bug#613663: Bug#613663: slapd: Upgrade Lenny -> Squeeze: failed to migrate tls_cacert

Rainer Ruprechtsberger rainer.ruprechtsberger at volkshilfe-ooe.at
Tue Feb 22 11:04:39 UTC 2011


Hi,

sorry i shared the wrong link in my last mail. In
http://www.openldap.org/doc/admin24/slapdconf2.html section 5.2.5.8.
olcSyncrepl.

<quote>
Note that the main slapd TLS settings are not used by the syncrepl
engine; by default the TLS parameters from a ldap.conf(5) configuration
file will be used. TLS settings may be specified here, in which case any
ldap.conf(5) settings will be completely ignored.
</quote>

The slapd in Debian Squeeze doesn't seem to honor this anymore. After
resolving the issues with Bug#614569 i get the following error:

slap_client_connect: URI=ldaps://ldap-test.test.vpn.volkshilfe-ooe.at
DN="cn=samba-test2,ou=replication,dc=volkshilfe-ooe,dc=at"
ldap_sasl_bind_s failed (-1)

Adding a 'tls_cacert=<copy statement from ldap.conf>' statement to the
syncreplication configuration the error disapears and replication works
again. I replicated my test setting twice was able to reproduce this
behaviour.

/r

-- 
Rainer Ruprechtsberger
Volkshilfe Oberösterreich
EDV
Glimpfingerstrasse 48
4020 Linz
Tel.: 0732/3405-123
Mobil.: 0676/8734-1123

ZVR Zahl: 064371505





More information about the Pkg-openldap-devel mailing list