linux
Dmitry Aitkulov, 2015-07-10 14:27:58

openldap tls replication not working. What is the reason?

Good afternoon! There are two servers on CentOS 7 with OpenLDAP running on them, set up from here. The server names are Main and reserv. Replication is configured between them, set up from here. On the Main server, TLS is configured by hand for the time being; I configured it from here. Later we will buy a normal certificate.
There was a task to make replication on tls. This is the problem.
What was done:
In the reserv server config I wrote:

starttls=yes
tls_cert=/etc/openldap/certs/ldap.crt
tls_key=/etc/openldap/certs/ldap.key
tls_cacert=/etc/openldap/certs/ca-bundle.crt
tls_reqcert=demand

Assigned an owner to the LDAP certificates.
Specified to work under the protocol ldaps://host:636 and ldaps://host:389.
It does not work, in any way.
I tried to manually import certificates into the OS; it gave an error.
I noticed that some people use .pem certificates and some use .crt.
.pem certificates have not yet been used.
Point me to the correct config.
Thank you all in advance!

1 answer(s)
3
3vi1_0n3, 2015-07-10
@Scarfase1989

Actually, you need to take a closer look. But the very first thing I would check is if there is a root certificate that signed the server certificate in the file from the tls_cacert.
> I tried to manually import certificates into the OS - it gave an error
It's not clear how you imported, into which OS, and which certificates. In order for the root certificate that signed the server certificate to become available in the system, you need to put the root certificate in /etc/pki/tls/certs and make a hash link like this:
And then check the server certificate using
PS: And check the firewall settings
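An added example (not code from the original thread or from the OpenLDAP project) of the check the answer recommends: it constructs a throwaway CA and a server certificate signed by it, installs the CA with the subject-hash symlink that OpenSSL's directory lookup expects, and then verifies the server certificate against the CA both through the CA file and through the hash-link directory. A temporary directory stands in for /etc/pki/tls/certs and /etc/openldap/certs so the script runs unprivileged; the file names ldap.crt, ldap.key and ca-bundle.crt are taken from the question's config, and the certificates themselves are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed test PKI: a root CA,
# a server certificate signed by it, and the checks that tls_cacert really
# contains the issuer of the server certificate (the first thing the answer
# says to look at). $WORK replaces /etc/pki/tls/certs and /etc/openldap/certs.
set -e

# make_test_pki DIR: constructed CA (ca-bundle.crt) + CA-signed server cert
# (ldap.crt/ldap.key), mirroring the file names from the question's config.
make_test_pki() {
  dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Test Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca-bundle.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=main.example.test" \
    -keyout "$dir/ldap.key" -out "$dir/ldap.csr" 2>/dev/null
  openssl x509 -req -in "$dir/ldap.csr" -CA "$dir/ca-bundle.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -days 365 -out "$dir/ldap.crt" 2>/dev/null
}

# install_ca CERTDIR CAFILE: copy the CA into CERTDIR and create the
# <subject_hash>.0 symlink that OpenSSL's CApath lookup needs; prints the link.
# (`openssl rehash CERTDIR` or `c_rehash CERTDIR` does this for a whole directory.)
install_ca() {
  certdir="$1"; ca="$2"
  mkdir -p "$certdir"
  cp "$ca" "$certdir/$(basename "$ca")"
  hash=$(openssl x509 -noout -subject_hash -in "$ca")
  ln -sf "$(basename "$ca")" "$certdir/$hash.0"
  printf '%s\n' "$certdir/$hash.0"
}

# issuer_matches CAFILE CERT: true iff CERT's issuer hash equals CAFILE's
# subject hash, i.e. the CA in tls_cacert is the one that signed the server cert.
issuer_matches() {
  [ "$(openssl x509 -noout -issuer_hash -in "$2")" = \
    "$(openssl x509 -noout -subject_hash -in "$1")" ]
}

# verify_server_cert CAFILE CERT: full chain check against the CA file; with
# tls_reqcert=demand the consumer refuses the connection when this would fail.
verify_server_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_via_capath CERTDIR CERT: same check through the hash-link directory,
# which only passes if the <hash>.0 symlink from install_ca is correct.
verify_via_capath() {
  openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Stand-alone demo: sh check_ldap_tls.sh demo  (script name is an assumption)
if [ "${1:-}" = "demo" ]; then
  WORK=$(mktemp -d)
  make_test_pki "$WORK/openldap"
  install_ca "$WORK/pki" "$WORK/openldap/ca-bundle.crt"
  if issuer_matches "$WORK/openldap/ca-bundle.crt" "$WORK/openldap/ldap.crt" \
     && verify_via_capath "$WORK/pki" "$WORK/openldap/ldap.crt"; then
    echo "ldap.crt chains to the CA in ca-bundle.crt; hash link is usable"
  else
    echo "ldap.crt does NOT chain to ca-bundle.crt: fix tls_cacert first" >&2
  fi
fi
```

To run the same checks on the real files from the question, call `issuer_matches /etc/openldap/certs/ca-bundle.crt /etc/openldap/certs/ldap.crt` and `verify_server_cert` with the same arguments; if either fails, the file named in tls_cacert does not contain the CA that signed ldap.crt, and no amount of port or URI changes will make a `tls_reqcert=demand` consumer connect. A CA bundle that holds several certificates is handled by `openssl verify -CAfile` as is; `issuer_matches` compares against a single CA file.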
