Re: Secure replication via TLS/SSL
Hi,
James Shvarts wrote,
> Hello all,
>
> I am using openldap-2.1.3 on Solaris 9 and have set up master and slave
> instance to operate on high ports to be able to start it as non-root.
>
> the master log has the following directive:
>
> replica host=somemachine.columbia.edu:9050
> binddn="cn=replicator,dc=myorg,dc=org"
> bindmethod=simple credentials=xxxxx
> tls=yes
>
> 1) If master is started with ldaps:// and slave is ldap:// the
> replication works but I am still not convinced that the data is passed
> securely using TLS. I tried logging this communication with a high debug
> level but it is still unclear if the tls=yes makes any difference.
Take a network sniffing tool such as tcpdump or Ethereal.
> 2) If both are ldaps:// the replication does not work.
Replication only works with the STARTTLS mechanism. Normal LDAP port.
bye
Waldemar
--
8485 D0CE 2743 656E 867C 5C93 0317 AFD8 BE21 BD90
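
An added example, not part of the original message: one way to read a capture of the replication connection is to look at the first client-to-server bytes and see whether the bind goes out in the clear or a StartTLS request followed by a TLS handshake comes first. The function names and the sample byte strings are constructed for illustration; the input is assumed to be the reassembled client-to-server stream of a single connection.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation OID

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def is_tls_record(buf):
    # TLS handshake record: content type 0x16, protocol major version 0x03
    return len(buf) >= 2 and buf[0] == 0x16 and buf[1] == 0x03

def classify(client_bytes):
    """Classify the first client-to-server bytes of one connection."""
    if is_tls_record(client_bytes):
        return "tls-from-first-byte"  # ldaps:// style, no LDAP seen in clear
    try:
        tag, start, end = read_tlv(client_bytes, 0)  # LDAPMessage SEQUENCE
        if tag != 0x30:
            return "unknown"
        _, _, id_end = read_tlv(client_bytes, start)  # messageID INTEGER
        op_tag, op_start, op_end = read_tlv(client_bytes, id_end)
    except IndexError:
        return "unknown"
    if op_tag == 0x60:  # BindRequest in clear: DN and password are readable
        return "plaintext-bind"
    if op_tag == 0x77 and STARTTLS_OID in client_bytes[op_start:op_end]:
        # ExtendedRequest(StartTLS); a TLS handshake must follow it
        if is_tls_record(client_bytes[end:]):
            return "starttls"
        return "starttls-without-handshake"
    return "unknown"

# Constructed sample streams (not captured traffic).
def ldap_msg(op_tag, op_body, msg_id=1):
    body = bytes([0x02, 0x01, msg_id, op_tag, len(op_body)]) + op_body
    return bytes([0x30, len(body)]) + body

DN = b"cn=replicator,dc=myorg,dc=org"
STARTTLS_REQ = ldap_msg(0x77, bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID)
CLIENT_HELLO_HDR = bytes.fromhex("160301002a")  # TLS record header only
SIMPLE_BIND = ldap_msg(0x60, bytes([0x02, 0x01, 0x03, 0x04, len(DN)]) + DN
                       + bytes([0x80, 5]) + b"xxxxx")
```

A result of `plaintext-bind` on the replication connection means the replicator DN and its credentials crossed the wire unencrypted.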