LDAP TLS Replication not Working on Ubuntu 10.04 Server

vijith.pa@gmail.com · 06-28-2011, 01:36 AM

Hi friends,

LDAP TLS replication not working for me , It's Showing some errors like

Jun 28 11:15:25 ldap-02 slapd[919]: slapd starting
Jun 28 11:15:26 ldap-02 slapd[919]: slap_client_connect: URI=ldap://ipaddres Warning, ldap_start_tls failed (-11)
Jun 28 11:15:26 ldap-02 slapd[919]: slap_client_connect: URI=ldap://ipaddres DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Jun 28 11:15:26 ldap-02 slapd[919]: do_syncrepl: rid=000 rc -1 retrying

But Without TLS it's working , here am generated self-sign Certificate for both LDAP Servers and edited cn=config tree also content

dn: olcDatabase={1}hdb,cn=config
replace: olcSyncrepl
olcSyncrepl: {0}rid=0 provider=ldap://ip-address bindmethod=simple binddn="cn=ad
min,dc=example,dc=com" credentials=secret searchbase="dc=example,dc=com" logbas
e="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" s
chemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog starttls=yes

if anyone face this issuse before or anyone know pls share ur info ??

with regards

Vijith P A

TB0ne · 06-29-2011, 11:32 AM

Quote:

Originally Posted by vijith.pa@gmail.com

Hi friends,
LDAP TLS replication not working for me , It's Showing some errors like

Jun 28 11:15:25 ldap-02 slapd[919]: slapd starting
Jun 28 11:15:26 ldap-02 slapd[919]: slap_client_connect: URI=ldap://ipaddres Warning, ldap_start_tls failed (-11)
Jun 28 11:15:26 ldap-02 slapd[919]: slap_client_connect: URI=ldap://ipaddres DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Jun 28 11:15:26 ldap-02 slapd[919]: do_syncrepl: rid=000 rc -1 retrying

But Without TLS it's working , here am generated self-sign Certificate for both LDAP Servers and edited cn=config tree also content

dn: olcDatabase={1}hdb,cn=config
replace: olcSyncrepl
olcSyncrepl: {0}rid=0 provider=ldap://ip-address bindmethod=simple binddn="cn=ad
min,dc=example,dc=com" credentials=secret searchbase="dc=example,dc=com" logbas
e="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" s
chemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog starttls=yes

if anyone face this issuse before or anyone know pls share ur info ??

Spell out your words...text-speak isn't pleasant for anyone to read. You don't post your configuration, or tell us what version/distro of Linux you're using, but the configuration guides have a good deal of troubleshooting info on them?
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html

Don't know what you're trying to do, your environment, or what you've tried..without details, no one can help. Have you checked your firewalls/selinux?

vijith.pa@gmail.com · 06-29-2011, 11:55 PM

Hi,

am using Ubuntu Server 10.04, and firewall already Disabled. then also getting same error...

chrism01 · 06-30-2011, 12:15 AM

The LDAP HOWTO here may help http://www.linuxhomenetworking.com/w...DAP_and_RADIUS