Re: Method for specifying SyncRepl use of TLS (ITS#3293)
Default is not to use starttls.
Starttls will not be used unless it is specified in the syncrepl definition.
- Jong-Hyuk
>Can starttls be set to 'no' for scenarios where I want to force
>plain-text? What is the default if not specified? Please note, I just
>opened ITS #3293 requesting such a parameter.
>
>Thanks for the info,
>-Matt
----- Original Message -----
From: <matt.smith@uconn.edu>
To: <openldap-its@OpenLDAP.org>
Sent: Friday, August 20, 2004 11:59 AM
Subject: Method for specifying SyncRepl use of TLS (ITS#3293)
> Full_Name: Matthew J. Smith
> Version: 2.2.15
> OS: SuSE Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (137.99.80.243)
>
>
> In the SyncRepl configuration section of slapd.conf, there is no way to
> specify whether SyncRepl uses TLS or not. It seems to use it automatically if
> it is available. A flag specifying this would be very useful, allowing one to specify
> a plain-text replication (over a secured network, say) from a master that
> normally provides TLS.
>
> My current issue is trying to build a new master that will be swapped in place
> of the current master. The new master has an SSL certificate using the current
> master's CN (ldap.uconn.edu), so that the swap will be seamless. However, I
> need to establish SyncRepl replication to a new replica. The new replica cannot
> correctly use TLS to the master, because the cert CN does not match the
> DNS-resolved FQDN.
>
> Currently, this will be overcome with /etc/hosts trickery, but a TLS flag
> would be simpler (for me).
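As an added illustration that is not part of either message, two consumer-side syncrepl stanzas for slapd.conf: one that relies on the plaintext default described in the reply, and one that requires StartTLS and a verified provider certificate. It uses the starttls, tls_reqcert and tls_cacert keywords as documented in later slapd.conf(5) releases rather than the 2.2.15 version in the report; the provider name, bind DN, secret and CA path are placeholders.

```conf
# Constructed example, not from the thread. Consumer-side syncrepl directives.

# 1) No starttls keyword: per the reply above, replication runs in the clear
#    (bind credentials included). Only defensible on a network that is
#    already protected, as the original report suggests.
syncrepl rid=001
        provider=ldap://ldap.example.com        # placeholder provider
        type=refreshAndPersist
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=PLACEHOLDER_SECRET
        retry="60 +"

# 2) starttls=critical aborts the session if StartTLS cannot be negotiated,
#    and tls_reqcert=demand requires a provider certificate that verifies
#    against the named CA. A CN that does not match the FQDN, the situation
#    in the report, then fails the session instead of being silently
#    accepted; the fix is a certificate that matches the name the consumer
#    connects to, not turning TLS off.
syncrepl rid=002
        provider=ldap://ldap.example.com        # placeholder provider
        type=refreshAndPersist
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=PLACEHOLDER_SECRET
        starttls=critical
        tls_reqcert=demand
        tls_cacert=/etc/openldap/certs/ca.pem   # placeholder CA bundle
        retry="60 +"
```

The two stanzas are shown side by side for comparison only; a real consumer database would carry one of them.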