Stephen Agar wrote:
> That was my thought as well, so what configuration(s) should I
> check/change to ensure that it connects to port 636 as it's supposed to?

http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Configuring_Single_Master_Replication.html#smrepl-replagmt

>
> my urls for referrals are both: ldaps://other.server:636/dc=blah,dc=blah
>
> my replication agreements both have this:
> supplier: this.server:636
> consumer: this.server:389
>
> in the connection tab i have these selected:
> - use tls/ssl (tls/ssl encryption with ldaps)
> - simple authentication
>
> the documentation states that the consumer will always show port 389
> there..but why?

Where does the documentation say that? I believe the documentation says that the supplier will always show 389, but the consumer should show the actual port it is connecting to.

>
> thanks,
> stephen
>
> On Wed, Jun 2, 2010 at 3:59 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>
>     Stephen Agar wrote:
>
>         I have 2 389 servers that I want to configure in a Multi
>         Master setup (I tried mmr.pl <http://mmr.pl>,
>         but had to make modifications to allow it to connect via
>         LDAPS, so thought that may be my issue, results below are from
>         scratch following the detailed howto from 389 and redhat). I
>         have port 389 totally disabled on my two servers.
>
>         I have configured them as such:
>
>         - server A: SSL, Multi Master Replica, agreement serverb -
>           supplier=servera:636, consumer:servera:389
>         - server B: SSL, Multi Master Replica, agreement servera -
>           supplier=serverb:636, consumer:serverb:389
>
>         My errors logs tell me:
>         [02/Jun/2010:11:51:23 -0500] slapi_ldap_bind - Error: could not send bind request for id [cn=repman,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress)
>
>         Doing a packet capture on the loopback interface, I see it
>         trying to connect to itself on port 389. So I try enabling
>         port 389 and get:
>
>         [02/Jun/2010:13:00:42 -0500] slapi_ldap_bind - Error: could not send bind request for id [cn=repman,cn=config] mech [SIMPLE]: error 81 (Can't contact LDAP server) -5938 (Encountered end of file.) 11 (Resource temporarily unavailable)
>
>         Is the server trying to do starttls via port 389 instead of
>         LDAPS via port 636? I'm stuck and looking for any advice.
>
>     Looks like it is attempting to use LDAPS to port 389.
>
>         Thanks!
>

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
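
The mismatch diagnosed in this thread (LDAPS transport pointed at port 389) can be checked across all replication agreements at once. The following is an added example, not part of the original messages and not 389 DS code: it audits an LDIF export of the agreement entries under cn=config. The attribute names are the standard 389 DS agreement attributes, which the thread itself does not mention; the sample LDIF, host names and DNs are constructed, and the standard ports 389 and 636 are assumed.

```python
# Added example, not 389 DS code. SAMPLE_LDIF is constructed; hosts and DNs
# are placeholders. Assumes the standard ports from the thread (389 / 636).
LDAP_PORT, LDAPS_PORT = 389, 636

SAMPLE_LDIF = """\
dn: cn=to-serverb,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverb.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-serverc,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverc.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-serverd,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaHost: serverd.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_ldif(text):
    """Return one {lowercased attribute: value} dict per LDIF entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold wrapped lines
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                entry[key.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def check_agreement(entry):
    """List the transport/port problems in one replication agreement entry."""
    # Assumption: a missing transport attribute means plain LDAP.
    transport = entry.get("nsds5replicatransportinfo", "LDAP").upper()
    port = int(entry.get("nsds5replicaport", LDAP_PORT))
    findings = []
    if transport in ("SSL", "LDAPS") and port == LDAP_PORT:
        findings.append("LDAPS transport aimed at the plain LDAP port")
    if transport in ("TLS", "STARTTLS") and port == LDAPS_PORT:
        findings.append("StartTLS transport aimed at the LDAPS port")
    if transport == "LDAP" and entry.get("nsds5replicabindmethod", "SIMPLE").upper() == "SIMPLE":
        findings.append("simple bind password sent without TLS")
    return findings

def audit(text):
    return {e["dn"]: check_agreement(e) for e in parse_ldif(text) if "nsds5replicahost" in e}
```

If the consumer listens on non-standard ports, compare against its actual LDAP and secure port settings instead of the two constants.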