[EdLUG] OpenLDAP slap client and/or syncrepl error

Tahir Hafiz tahir.hafiz at gmail.com
Fri May 20 17:51:02 UTC 2022


Hi,

We have two OpenLDAP servers (sso1 and sso2, ignore alpha - I think they
decommissioned that one years ago).
sso1 and sso2 are meant to be in mirror mode (sometimes called multi-master
mode).
I had to switch sso1 off a while ago because it was no longer responding
and didn't have much time to look at it back then.

I have now had some spare time to look at it, updated the web certs which
had to be renewed and restarted the openldap server in question.
But I see the following error (and Google has not helped much on this one):

May 20 16:11:44 sso1 slapd[9008]: slapd starting
May 20 16:11:44 sso1 slapd[9008]: slap_client_connect: URI=ldaps://alpha.redacted.net/ TLS context initialization failed (-1)
May 20 16:11:44 sso1 slapd[9008]: do_syncrepl: rid=003 rc -1 retrying (4 retries left)
May 20 16:11:44 sso1 slapd[9008]: slap_client_connect: URI=ldaps://sso2.redacted.net/ TLS context initialization failed (-1)
May 20 16:11:44 sso1 slapd[9008]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
May 20 16:12:13 sso1 slapd[9008]: SASL [conn=1001] Failure: no secret in database

The weird thing is the OpenLDAP sso1 box is synching to sso2 ldap box, and
I can connect to it with an ldap client on my home desktop and it now has
the latest records so it is working as an ldap server but I'm not sure what
the errors really mean.
Are there any avenues I can explore on this, or has anyone seen something
like this before (N.B. I am no LDAP expert)?

Thanking you in advance,
Tahir
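
An added example, not part of the original post: a small Python parser that pairs each slap_client_connect error in the log above with the do_syncrepl line that follows it, so it is clear which replication consumer (rid) is failing against which provider URI. The function name and the pairing rule (same slapd PID, connect error logged just before the syncrepl line) are assumptions made for this example.

```python
import re

# Log lines from the post above, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
May 20 16:11:44 sso1 slapd[9008]: slapd starting
May 20 16:11:44 sso1 slapd[9008]: slap_client_connect: URI=ldaps://alpha.redacted.net/ TLS context initialization failed (-1)
May 20 16:11:44 sso1 slapd[9008]: do_syncrepl: rid=003 rc -1 retrying (4 retries left)
May 20 16:11:44 sso1 slapd[9008]: slap_client_connect: URI=ldaps://sso2.redacted.net/ TLS context initialization failed (-1)
May 20 16:11:44 sso1 slapd[9008]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
May 20 16:12:13 sso1 slapd[9008]: SASL [conn=1001] Failure: no secret in database
"""

CONNECT_RE = re.compile(r"slapd\[(\d+)\]: slap_client_connect: URI=(\S+) (.+)$")
SYNCREPL_RE = re.compile(r"slapd\[(\d+)\]: do_syncrepl: rid=(\d+) rc (-?\d+)")


def syncrepl_failures(log_text):
    """Return {rid: {"uri", "error", "rc", "count"}} for retrying syncrepl consumers.

    Assumption: as in the post, the slap_client_connect error is logged by the
    same slapd PID immediately before the do_syncrepl line it belongs to.
    """
    pending = {}   # pid -> (uri, error) of the latest unclaimed connect failure
    failures = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            pending[m.group(1)] = (m.group(2), m.group(3).strip())
            continue
        m = SYNCREPL_RE.search(line)
        if not m:
            continue  # unrelated line (startup banner, SASL message, ...)
        uri, error = pending.pop(m.group(1), (None, None))
        entry = failures.setdefault(
            m.group(2), {"uri": None, "error": None, "rc": None, "count": 0})
        entry["rc"] = int(m.group(3))
        entry["count"] += 1
        if uri:  # keep the last known provider URI and error for this rid
            entry["uri"], entry["error"] = uri, error
    return failures


if __name__ == "__main__":
    for rid, f in sorted(syncrepl_failures(SAMPLE_LOG).items()):
        print(f"rid={rid} provider={f['uri']} rc={f['rc']} x{f['count']}: {f['error']}")
```

On the posted log this reports rid=002 against sso2 and rid=003 against alpha, both with the same TLS context initialization error.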