
ldap_start_tls failed replication does not work

Open marksmansj opened this issue 3 years ago • 0 comments

Background: 1. ldap1.liz.com on vm1 (192.168.0.2): docker run -p 389:389 -p 636:636 --hostname ldap1.liz.com --name openldap-backup --network=ldap_default --restart=always --env LDAP_ORGANISATION="liz" --env LDAP_DOMAIN="liz.com" --env LDAP_ADMIN_PASSWORD="redhat" --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap1.liz.com','ldap://ldap2.liz.com']" --env LDAP_REPLICATION=true --env LDAP_TLS_VERIFY_CLIENT="never" --volume /data/openldap/database2:/var/lib/ldap --volume /data/openldap/config2:/etc/ldap/slapd.d --volume /data/openldap/certs2:/container/service/slapd/assets/certs --env LDAP_TLS_CRT_FILENAME=ldap.pem --env LDAP_TLS_KEY_FILENAME=ldap.key --env LDAP_TLS_CA_CRT_FILENAME=root.cer --env LDAP_BACKUP_CONFIG_CRON_EXP="50 23 * * *" --env LDAP_BACKUP_DATA_CRON_EXP="50 23 * * *" --volume /data/openldap/backup:/data/backup --detach osixia/openldap-backup:1.5.0 --copy-service

2. ldap2.liz.com on vm2 (192.168.0.3): docker run -p 389:389 -p 636:636 --hostname ldap2.liz.com --name openldap-backup --network=ldap_default --restart=always --env LDAP_ORGANISATION="liz" --env LDAP_DOMAIN="liz.com" --env LDAP_ADMIN_PASSWORD="redhat" --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap1.liz.com','ldap://ldap2.liz.com']" --env LDAP_REPLICATION=true --env LDAP_TLS_VERIFY_CLIENT="never" --volume /data/openldap/database2:/var/lib/ldap --volume /data/openldap/config2:/etc/ldap/slapd.d --volume /data/openldap/certs2:/container/service/slapd/assets/certs --env LDAP_TLS_CRT_FILENAME=ldap.pem --env LDAP_TLS_KEY_FILENAME=ldap.key --env LDAP_TLS_CA_CRT_FILENAME=root.cer --env LDAP_BACKUP_CONFIG_CRON_EXP="50 23 * * *" --env LDAP_BACKUP_DATA_CRON_EXP="50 23 * * *" --volume /data/openldap/backup:/data/backup --detach osixia/openldap-backup:1.5.0 --copy-service

3. ldap.pem and ldap.key are EV SSL certificates.

4. I have added 192.168.0.2 ldap1.liz.com and 192.168.0.3 ldap2.liz.com to /etc/hosts of the ldap1 and ldap2 containers.

When I am in the ldap1 container, I can use ldapsearch -x -H ldap://ldap2.liz.com -b dc=liz,dc=com -D "cn=admin,dc=liz,dc=com" -w redhat -ZZ to get the response data. If I am in the ldap2 container, I can get the ldap1 data via the ldapsearch command. But the replication between ldap1 and ldap2 doesn't work, and the container error log is below: slap_client_connect: URI=ldap://ldap.liz.com Error, ldap_start_tls failed (-1) do_syncrepl: rid=001 rc -1 retrying

marksmansj Nov 09 '21 09:11
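A small triage helper for the situation described in this issue, added here as an example; it is not part of the issue, nor of the docker-openldap project. It parses an LDAP_REPLICATION_HOSTS value in the #PYTHON2BASH form the image expects, pulls the provider URI out of slapd log lines of the form "slap_client_connect: URI=... ldap_start_tls failed (-1)" seen above, and reports (a) whether each failing URI is one of the configured replication hosts and (b) whether its host name would be covered by the names in the server certificate. The log lines and the certificate SAN list in the block are constructed for the example; the SANs in particular are an assumption, since the post does not show the certificate.

```python
"""Triage helper for syncrepl StartTLS failures (added example, not project code).

Inputs:
  * the LDAP_REPLICATION_HOSTS value as passed to the osixia image
  * slapd log lines (the format of the error line is taken from the issue)
  * the DNS names the server certificate carries (constructed/assumed here)
Output: one record per failing provider URI, saying whether the URI is in the
configured replication list and whether the certificate would name that host.
"""
import ast
import re
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Matches the error line quoted in the issue, with or without a syslog prefix.
LOG_RE = re.compile(
    r"slap_client_connect: URI=(?P<uri>\S+) Error, ldap_start_tls failed \((?P<rc>-?\d+)\)"
)

# Values from the issue's docker run command.
ENV_VALUE = "#PYTHON2BASH:['ldap://ldap1.liz.com','ldap://ldap2.liz.com']"

# Constructed log sample: the error line from the issue plus surrounding noise.
SAMPLE_LOG = [
    "Nov  9 09:11:00 ldap1 slapd[1]: slap_client_connect: URI=ldap://ldap.liz.com "
    "Error, ldap_start_tls failed (-1)",
    "Nov  9 09:11:00 ldap1 slapd[1]: do_syncrepl: rid=001 rc -1 retrying",
    "Nov  9 09:11:01 ldap1 slapd[1]: conn=1000 fd=12 ACCEPT from IP=192.168.0.3:51234",
]

# Assumed certificate names (hypothetical; the issue does not show the cert).
ASSUMED_CERT_SANS = ["ldap1.liz.com", "ldap2.liz.com"]


def parse_replication_hosts(value: str) -> List[str]:
    """Parse "#PYTHON2BASH:['ldap://a','ldap://b']" into a list of URI strings.

    ast.literal_eval only accepts Python literals, so untrusted env content
    cannot execute code here.
    """
    prefix = "#PYTHON2BASH:"
    if value.startswith(prefix):
        value = value[len(prefix):]
    hosts = ast.literal_eval(value)
    if not isinstance(hosts, list) or not all(isinstance(h, str) for h in hosts):
        raise ValueError("LDAP_REPLICATION_HOSTS must be a list of URI strings")
    return hosts


def failed_starttls_uris(log_lines: Iterable[str]) -> List[str]:
    """Return provider URIs whose StartTLS negotiation slapd reported as failed."""
    return [m.group("uri") for line in log_lines if (m := LOG_RE.search(line))]


def hostname_matches_san(hostname: str, sans: Iterable[str]) -> bool:
    """Exact or single-label wildcard match, the way TLS clients check dNSName."""
    host = hostname.lower()
    for san in sans:
        san = san.lower()
        if san == host:
            return True
        # "*.liz.com" covers "ldap1.liz.com" but not "a.b.liz.com".
        if san.startswith("*.") and host.endswith(san[1:]) and host.count(".") == san.count("."):
            return True
    return False


def triage(env_value: str, log_lines: Iterable[str], cert_sans: Iterable[str]) -> List[Dict]:
    """Cross-check failing URIs against the configured hosts and the cert names."""
    configured = set(parse_replication_hosts(env_value))
    sans = list(cert_sans)
    report = []
    for uri in failed_starttls_uris(log_lines):
        host = urlsplit(uri).hostname or ""
        report.append({
            "uri": uri,
            "host": host,
            "in_replication_hosts": uri in configured,
            "covered_by_cert": hostname_matches_san(host, sans),
        })
    return report


if __name__ == "__main__":
    for rec in triage(ENV_VALUE, SAMPLE_LOG, ASSUMED_CERT_SANS):
        print(rec)
```

Run against the constructed sample, the report contains a single record for ldap://ldap.liz.com, marked as neither one of the two configured replication URIs nor a name the assumed certificate carries; against a real deployment, feed it the container's slapd log and the DNS names from the deployed ldap.pem.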