Replica's nsslapd-referral uri is ldap: instead of ldap:
by Collins, Brian (CAI - Atlanta)
I am doing prep work for replacing our older 389 servers (1.3.8) running on RHEL 7 with newer ones on RHEL 8 and 1.4.4.
I have the two RHEL 7 boxes in a multi-master replication setup.
For this phase of testing I have one read-only replica on 1.4.4, as a consumer to the two current servers. I set up a Linux client to login using SSSD, bound to the consumer. It works fine except when I want to change passwords. I was getting "Operation requires a secure connection." After a lot of digging, I think I found the culprit there: on the consumer, in "dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" the nsslapd-referral uri for my two current servers is ldap: instead of ldaps:. Indeed, in the cockpit console, the Remote RUV list shows both servers as ldap:.
But on the two suppliers, the old servers, the referral uri is ldaps.
When I set up the replication agreement for the new consumer, I did it just as I did for the current setup, so I don't feel like that's where I went wrong.
Thanks in advance for any pointers,