Okay, I will take a look and report back.

Thanks,
Rohit

On 3/6/14 12:58 PM, "Morgan Jones" <morgan@xxxxxxxxxxxxxxx> wrote:

>For testing I know "TLS_REQCERT never" works.
>
>For production I use:
>TLS_REQCERT demand
>TLS_CACERT /path/to/ca_cert.pem
>
>If TLS_REQCERT never works then there's something wrong with your cert
>most likely. Though I'd expect a generic connection error if were just
>having a problem verifying the certificate. Does ldapsearch/ldapmodify
>work for other operations?
>
>Otherwise maybe send us the exact command you're running?
>
>-morgan
>
>
>On Mar 6, 2014, at 12:29 PM, Justin Edmands <shockwavecs@xxxxxxxxx> wrote:
>
>> On Thu, Mar 6, 2014 at 12:19 PM, Chaudhari, Rohit K.
>> <Rohit.Chaudhari@xxxxxxxxxx> wrote:
>> Hi All,
>>
>> I am trying to create multi-master replication in 389. But I am having
>> trouble using ldapmodify to create a replication manager DN account
>>
>> I get the following error:
>>
>> Additional info: TLS error -8157: Certificate extension not found
>>
>> I went on the web and some people suggested I have a TLS_REQCERT=none
>> line in /etc/openldap/ldap.conf, but this did not fix it either.
>>
>> My certificate in /etc/openldap/cacerts is called cacert.asc.
>>
>> Does anyone know how I can fix my problem?
>>
>> Thanks,
>>
>> R
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> Not totally sure, but don't use the "="
>>
>> here is mine:
>>
>> URI ldaps://baldirsrv ldaps://hqdirsrv ldaps://stldirsrv
>> BASE ou=People,dc=domain,dc=com
>> TLS_CACERTDIR /etc/openldap/cacerts
>> # TLS_CACERT /etc/openldap/cacerts/cacert.asc
>> TLS_REQCERT allow
>>
>> you can set it to "TLS_REQCERT never" as well.
>>
>> Also consider setting the TLS_CACERTDIR and TLS_CACERT
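
Added example (not part of the thread and not 389 Directory Server code): a small Python check for the client-side ldap.conf points raised above, namely the "=" syntax, a TLS_REQCERT value outside the levels documented in ldap.conf(5), and levels that let the session continue with an invalid server certificate. The function name, finding codes and the sample inputs (built from the snippets quoted in the thread) are constructed for illustration.

```python
import re

# TLS_REQCERT levels documented in ldap.conf(5).
LEVELS = {"never", "allow", "try", "demand", "hard"}
# With these levels the session proceeds even if the server cert is bad.
ACCEPTS_BAD_CERT = {"never", "allow"}

def lint_ldap_conf(text):
    """Return [(line_no, code, message)] for TLS client options in ldap.conf text."""
    findings, opts = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"TLS_\w+\s*=", line, re.I):
            findings.append((no, "EQUALS_SYNTAX",
                             "ldap.conf(5) options are 'OPTION value', not 'OPTION=value'"))
            continue
        parts = line.split(None, 1)
        # Option names are case-insensitive; the last occurrence wins here.
        opts[parts[0].upper()] = (no, parts[1].strip() if len(parts) > 1 else "")
    if "TLS_REQCERT" in opts:
        no, level = opts["TLS_REQCERT"]
        level = level.lower()
        if level not in LEVELS:
            findings.append((no, "UNKNOWN_LEVEL",
                             f"'{level}' is not a documented TLS_REQCERT level"))
        elif level in ACCEPTS_BAD_CERT:
            findings.append((no, "NO_VERIFICATION",
                             f"'{level}' continues with an invalid server certificate"))
        elif not {"TLS_CACERT", "TLS_CACERTDIR"} & opts.keys():
            findings.append((no, "NO_CA",
                             "verification requested but no TLS_CACERT/TLS_CACERTDIR in this file"))
    return findings

# Constructed sample inputs based on the settings quoted in the thread.
SUGGESTED_ON_WEB = "TLS_REQCERT=none\n"
JUSTIN = ("URI ldaps://baldirsrv ldaps://hqdirsrv ldaps://stldirsrv\n"
          "BASE ou=People,dc=domain,dc=com\n"
          "TLS_CACERTDIR /etc/openldap/cacerts\n"
          "# TLS_CACERT /etc/openldap/cacerts/cacert.asc\n"
          "TLS_REQCERT allow\n")
MORGAN_PRODUCTION = "TLS_REQCERT demand\nTLS_CACERT /path/to/ca_cert.pem\n"

if __name__ == "__main__":
    for name in ("SUGGESTED_ON_WEB", "JUSTIN", "MORGAN_PRODUCTION"):
        print(name, lint_ldap_conf(globals()[name]) or "no findings")
```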