Affects Version/s: 2.6.0
The problem occurs when the LDAP port of a source server is not accessible, the reasons being:
- ds-cfg-reject-unauthenticated-requests is set to true (in config.ldif)
- only the LDAPS connection handler is enabled (in config.ldif)
- a firewall blocks access to the LDAP port
In such cases, ds-cfg-symmetric-key values for secret keys in cn=admin data are not replicated correctly.
Normally, each replica will add its own value for ds-cfg-symmetric-key, encrypted with its own cert.
This does not happen when ds-cfg-reject-unauthenticated-requests=true.
Also, it looks like an unauthenticated LDAP request is made from the replica. See attached image.
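The first two conditions listed above can be checked directly in config.ldif; the firewall case cannot. The following is an added example, not code from this issue or from the OpenDJ project: the sample configuration is constructed, and the entry DNs, the `ds-cfg-ldap-connection-handler` object class and the `ds-cfg-enabled` / `ds-cfg-use-ssl` attributes are assumptions about the config.ldif layout.

```python
import re

# Constructed sample config.ldif (not taken from the issue).
SAMPLE_CONFIG = """\
dn: cn=config
ds-cfg-reject-unauthenticated-requests: true

dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
objectClass: ds-cfg-ldap-connection-handler
ds-cfg-enabled: false
ds-cfg-use-ssl: false

dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
objectClass: ds-cfg-ldap-connection-handler
ds-cfg-enabled: true
ds-cfg-use-ssl: true
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}; unfolds continuation lines."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folds long lines with a leading space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not attr: value
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def is_true(entry, attr):
    return any(v.lower() == "true" for v in entry.get(attr, []))

def replication_key_risks(config_text):
    """List which of the conditions described in this issue a config.ldif shows."""
    risks, plain_ldap_enabled = [], False
    for e in parse_ldif(config_text):
        if e["dn"][0].lower() == "cn=config" and is_true(e, "ds-cfg-reject-unauthenticated-requests"):
            risks.append("reject-unauthenticated-requests is true")
        classes = [c.lower() for c in e.get("objectclass", [])]
        if ("ds-cfg-ldap-connection-handler" in classes and is_true(e, "ds-cfg-enabled")
                and not is_true(e, "ds-cfg-use-ssl")):
            plain_ldap_enabled = True  # an enabled handler without SSL, i.e. plain LDAP
    if not plain_ldap_enabled:
        risks.append("no plain LDAP connection handler is enabled")
    return risks
```

Running `replication_key_risks` against each replica's config.ldif before enabling replication shows which servers match the setup in which ds-cfg-symmetric-key values were not replicated correctly.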