Multi Master Replication + SSL


 



Stephen Agar wrote:
> That was my thought as well, so what configuration(s) should I 
> check/change to ensure that it connects to port 636 as it's supposed to?
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Configuring_Single_Master_Replication.html#smrepl-replagmt
>
> my urls for referrals are both: ldaps://other.server:636/dc=blah,dc=blah
>
> my replication agreements both have this:
> supplier: this.server:636
> consumer: this.server:389
>
> in the connection tab i have these selected:
> - use tls/ssl (tls/ssl encryption with ldaps)
> - simple authentication
>
> the documentation states that the consumer will always show port 389 
> there..but why?
Where does the documentation say that?  I believe the documentation says 
that the supplier will always show 389, but the consumer should show the 
actual port it is connecting to.
>
> thanks,
> stephen
>
> On Wed, Jun 2, 2010 at 3:59 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>     Stephen Agar wrote:
>
>         I have 2 389 servers that I want to configure in a Multi
>         Master setup (I tried mmr.pl <http://mmr.pl>,
>         but had to make modifications to allow it to connect via
>         LDAPS, so thought that may be my issue, results below are from
>         scratch following the detailed howto from 389 and redhat).  I
>         have port 389 totally disabled on my two servers.
>
>
>         I have configured them as such:
>
>         - server A: SSL, Multi Master Replica, agreement serverb -
>         supplier=servera:636, consumer:servera:389
>         - server B: SSL, Multi Master Replica, agreement servera -
>         supplier=serverb:636, consumer:serverb:389
>
>         My errors logs tell me:
>         [02/Jun/2010:11:51:23 -0500] slapi_ldap_bind - Error: could not send bind request for id [cn=repman,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress)
>
>         Doing a packet capture on the loopback interface, I see it
>         trying to connect to itself on port 389.  So I try enabling
>         port 389 and get:
>
>         [02/Jun/2010:13:00:42 -0500] slapi_ldap_bind - Error: could
>         not send bind request for id [cn=repman,cn=config] mech
>         [SIMPLE]: error 81 (Can't contact LDAP server) -5938
>         (Encountered end of file.) 11 (Resource temporarily unavailable)
>
>         Is the server trying to do starttls via port 389 instead of
>         LDAPS via port 636? I'm stuck and looking for any advice.
>
>     Looks like it is attempting to use LDAPS to port 389.
>
>
>         Thanks!
>
>
>
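
The mismatch diagnosed in this thread (LDAPS attempted against port 389) can be checked for in the replication agreement entries themselves. The following is an added example, not part of the original messages: it reads an LDIF export of agreements and flags port/transport combinations that cannot connect or that send the bind password unencrypted. The sample LDIF, hostnames and function names are constructed, and 389/636 are assumed to be the plain and LDAPS listeners.

```python
# Added example: audit 389 DS replication agreements for port/transport mismatches.
# SAMPLE_LDIF is constructed for illustration; hostnames and suffix are placeholders.
SAMPLE_LDIF = """\
dn: cn=to-serverb,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverb.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: SSL

dn: cn=to-serverc,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverc.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL

dn: cn=to-serverd,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverd.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_ldif(text):
    entries = []  # one {lowercased attribute: value} dict per LDIF entry
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuation lines
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry[attr.lower()] = value.strip()
        entries.append(entry)
    return entries

def audit_agreement(entry, ldaps_ports=(636,), plain_ports=(389,)):
    port = int(entry["nsds5replicaport"])
    # Assumption: a missing transport attribute means plain LDAP.
    transport = entry.get("nsds5replicatransportinfo", "LDAP").upper()
    bind = entry.get("nsds5replicabindmethod", "SIMPLE").upper()
    findings = []
    if transport == "SSL" and port in plain_ports:
        findings.append(f"transport SSL (LDAPS) targets plain LDAP port {port}")
    elif transport != "SSL" and port in ldaps_ports:
        findings.append(f"transport {transport} targets LDAPS port {port}")
    if transport == "LDAP" and bind == "SIMPLE":
        findings.append("simple bind over unencrypted LDAP exposes the replication password")
    return findings

def audit_ldif(text):
    return {e["nsds5replicahost"]: audit_agreement(e)
            for e in parse_ldif(text) if "nsds5replicahost" in e}

if __name__ == "__main__":
    print(audit_ldif(SAMPLE_LDIF))
```
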


