On 01/26/2017 05:25 PM, John McKee wrote:
> @Mark Reynolds Those commands would fail as well, even the replication appears to have issues and gets the same error.
>
> Here is my /etc/openldap/ldap.conf:
>
> # The distinguished name of the search base.
> base dc=XX,dc=XX,dc=com
>
> URI ldaps://XX.XX.com
> TLS_CACERT /etc/pki/tls/certs/bundle.crt
> TLS_REQCERT demand
>
> We do not have the TLS_CACERTDIR listed, however it always worked without it,

But it's not working now, so you should follow my suggestion and see if it helps. I have to update ldap.conf to get it working for me. You "might" need to restart the server after making this change. If this doesn't help then I'm not sure what is wrong.

> and we have other slaves which are working fine without it (since it's managed through puppet).
>
> It would appear that the masters only seem to be affected by this issue. The slaves have no issues at the moment.
>
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx