Hello colleagues,
Lately we started looking into 389 DS 2.3.6 on RHEL 9 platform.
We followed instructions Configuring and managing replication on Red Hat site to establish replication between two remote instances,
The instances where previously configured to support TLS channel on port 636 (Enabling TLS-encrypted connections to Directory Server) , and we made sure ldapsearch is working with LDAPS:// protocol with the certificate verification (TLS_REQCERT demand).
The following issue with the replication over TLS was observed:
After we ran the command below to configure secure replication:
dsconf -D "cn=Directory Manager" -w *** ldaps://server.example.edu repl-agmt create --suffix "dc=example,dc=com" --host "consumer.example.edu" --port 636 --conn-protocol=LDAPS --bind-dn "cn=replication manager,cn=config" --bind-passwd "***" --bind-method=SIMPLE --init consumer.example.edu-RO
the error occurred:
Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
We double-checked that after we configure clear text replication with the command:
dsconf -D "cn=Directory Manager" -w *** ldaps://server.example.edu repl-agmt create --suffix "dc=example,dc=com" --host "consumer.example.edu" --port 389 --conn-protocol=LDAP --bind-dn "cn=replication manager,cn=config" --bind-passwd "***" --bind-method=SIMPLE --init 10.140.133.36-RO
no problem occurred, and the replication completed successfully.
My question is whether this means the replication over TLS required different config steps, and if yes – what they are?
Thank you,
- Alex
No comments:
Post a Comment