06-02-2010, 10:11 PM
Rich Megginson

Multi Master Replication + SSL

Stephen Agar wrote:
> That was my thought as well, so what configuration(s) should I
> check/change to ensure that it connects to port 636 as it's supposed to?
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Configuring_Single_Master_Replication.html#smrepl-replagmt
>
> my urls for referrals are both: ldaps://other.server:636/dc=blah,dc=blah
>
> my replication agreements both have this:
> supplier: this.server:636
> consumer: this.server:389
>
> in the connection tab i have these selected:
> - use tls/ssl (tls/ssl encryption with ldaps)
> - simple authentication
>
> the documentation states that the consumer will always show port 389
> there..but why?
Where does the documentation say that? I believe the documentation says
that the supplier will always show 389, but the consumer should show the
actual port it is connecting to.
>
> thanks,
> stephen
>
> On Wed, Jun 2, 2010 at 3:59 PM, Rich Megginson <rmeggins@redhat.com> wrote:
>
> Stephen Agar wrote:
>
> I have 2 389 servers that I want to configure in a Multi
> Master setup (I tried mmr.pl <http://mmr.pl>,
> but had to make modifications to allow it to connect via
> LDAPS, so thought that may be my issue, results below are from
> scratch following the detailed howto from 389 and redhat). I
> have port 389 totally disabled on my two servers.
>
>
> I have configured them as such:
>
> - server A: SSL, Multi Master Replica, agreement serverb -
> supplier=servera:636, consumer:servera:389
> - server B: SSL, Multi Master Replica, agreement servera -
> supplier=serverb:636, consumer:serverb:389
>
> My errors logs tell me:
> [02/Jun/2010:11:51:23 -0500] slapi_ldap_bind - Error: could not send bind request for id [cn=repman,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress)
>
> Doing a packet capture on the loopback interface, I see it
> trying to connect to itself on port 389. So I try enabling
> port 389 and get:
>
> [02/Jun/2010:13:00:42 -0500] slapi_ldap_bind - Error: could
> not send bind request for id [cn=repman,cn=config] mech
> [SIMPLE]: error 81 (Can't contact LDAP server) -5938
> (Encountered end of file.) 11 (Resource temporarily unavailable)
>
> Is the server trying to do starttls via port 389 instead of
> LDAPS via port 636? I'm stuck and looking for any advice.
>
> Looks like it is attempting to use LDAPS to port 389.
>
>
> Thanks!
>
>
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
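
As an added example (not part of the original thread and not 389 Directory Server code): the mismatch diagnosed above, an agreement that speaks LDAPS to port 389, can be checked by reading the replication agreement entries under cn=config. The sketch assumes the standard agreement attributes nsDS5ReplicaHost, nsDS5ReplicaPort, nsDS5ReplicaTransportInfo and nsDS5ReplicaBindMethod and the conventional ports 389/636; the LDIF sample, its DNs and the function names are constructed for illustration.

```python
import re

# Constructed sample of two replication agreement entries (DNs/hosts made up).
SAMPLE_LDIF = """\
dn: cn=to-serverb,cn=replica,cn=example,cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: serverb
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-servera,cn=replica,cn=example,cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: servera
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_entries(ldif):
    """Return one {lowercased attr: value} dict per LDIF entry (last value wins)."""
    unfolded = re.sub(r"\n ", "", ldif)  # undo LDIF line folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def check_agreement(entry, ldaps_ports=(636,), plain_ports=(389,)):
    """List transport/port problems; port sets are assumptions, override per site."""
    port = int(entry.get("nsds5replicaport", 0))
    # Assumed defaults when the attribute is absent: LDAP transport, SIMPLE bind.
    transport = entry.get("nsds5replicatransportinfo", "LDAP").upper()
    bind = entry.get("nsds5replicabindmethod", "SIMPLE").upper()
    findings = []
    if transport in ("SSL", "LDAPS") and port in plain_ports:
        findings.append("LDAPS transport aimed at plain LDAP port %d" % port)
    if transport == "LDAP" and port in ldaps_ports:
        findings.append("plain LDAP transport aimed at LDAPS port %d" % port)
    if transport == "LDAP" and bind == "SIMPLE":
        findings.append("simple bind without TLS exposes the replication password")
    return findings

def audit(ldif):
    """Map each agreement DN to its findings; other entries are ignored."""
    return {e.get("dn", "?"): check_agreement(e)
            for e in parse_entries(ldif) if "nsds5replicahost" in e}
```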
 
