Craig White wrote: > it is...syncrepl has been available for quite some time (master <-> > master) > > the way to deal with ssl/multiple LDAP servers is to use TLS_CACERTDIR > on the clients so you can have multiple certs for the clients to use > > migration from openldap 2.2 to 2.3 doesn't require any reconfiguration > that I'm aware of. good to know, thanks. As for 2.2 to 2.3, the configs themselves didn't change but I had to change a ton of my data, took at least a couple of hours to clean up my data so that it would import into 2.3. I'm fairly sure it's just leftover cruft from OpenLDAP 2.0 when it wasn't as compliant as 2.2/2.3, and 2.2 was more lenient on what it would accept for schema layouts, and 2.3 was very strict by comparison. I don't recall the exact errors I got when I upgraded, it was about a year ago. Fortunately I tested it a bunch of times and fixed the schema in my 2.2 production system before upgrading it, so that it went smoothly. I'm hoping future version updates will be smoother for me. nate