Wednesday, April 26, 2023

[389-users] Re: Unable to establish replication with STARTTLS

> I am unable to figure out how instances #1 and #2 differ.
> Instance #1 has long-established supplier-agreements (using both LDAPS and STARTTLS) with other instances of 389-Directory. So I know instance #1 can function correctly as a supplier. Instance #3 demonstrates it can be a consumer when supplied by instance #2. I can perform LDAPS and STARTTLS queries from to instance #3, so I know it is listening on the network and not blocked by a host-based firewall.
> Any suggestions of where to look, or config-attributes to check, would be appreciated.

The first check would be from on the host instance #1:

openssl s_client -connect hostname-of-instance-two:636 -showcerts

And assert that the connection proceeds and the certificate chain presented is as you expect.


William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam, report it:

No comments:

Post a Comment