Thursday, July 1, 2021

[389-users] Replica's nsslapd-referral uri is ldap: instead of ldap:

Good day,


I am doing prep work for replacing our older 389 servers (1.3.8) running on RHEL 7 with newer ones on RHEL 8 and 1.4.4.


I have the two RHEL 7 boxes in a multi-master replication setup.


For this phase of testing I have one read-only replica on 1.4.4, as a consumer to the two current servers.  I set up a Linux client to login using SSSD, bound to the consumer. It works fine except when I want to change passwords.  I was getting "Operation requires a secure connection."  After a lot of digging, I think I found the culprit there: on the consumer, in "dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" the nsslapd-referral uri for my two current servers is ldap: instead of ldaps:.  Indeed, in the cockpit console, the Remote RUV list shows both servers as ldap:.  

 But on the two suppliers, the old servers, the referral uri is ldaps.


When I set up the replication agreement for the new consumer, I did it just as I did for the current setup, so I don't feel like that's where I went wrong.


Thanks in advance for any pointers,

Brian Collins


No comments:

Post a Comment