[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secure replication via TLS/SSL

To: openldap-software@OpenLDAP.org
Subject: Re: Secure replication via TLS/SSL
From: Waldemar Brodkorb <wbx@luusa.org>
Date: Wed, 2 Oct 2002 18:04:31 +0200
Content-disposition: inline
In-reply-to: <3D9B0E8B.6010509@columbia.edu>
References: <3D9B0E8B.6010509@columbia.edu>
User-agent: Mutt/1.4i

Hi,
James Shvarts wrote,

> Hello all,
> 
> i am using openldap-2.1.3 on solaris 9 and have setup master and slave 
> instance to operate on high ports to be able to start it as non-root.
> 
> the master log has the following directive:
> 
> replica host=somemachine.columbia.edu:9050
>        binddn="cn=replicator,dc=myorg,dc=org"
>        bindmethod=simple credentials=xxxxx
>        tls=yes
> 
> 1) if master is started with ldaps:// and slave is ldap:// the 
> replication works but i am still not convinced that the data is passed 
> securely using tls. i tried logging this communication with a high debug 
> level but it is still unclear if the tls=yes makes any difference.

Take a network sniffing tool  as tcpdump or ethereal.

> 2) if both are ldaps:// the replication does not work.

Replication only works with STARTTLS mechanism. Normal ldap port.

bye
  Waldemar

-- 
8485 D0CE 2743 656E 867C  5C93 0317 AFD8 BE21 BD90

References:
- Secure replication via TLS/SSL
  - From: James Shvarts <ys2046@columbia.edu>

Prev by Date: Encrypting replication password
Next by Date: Re: Encrypting replication password
Index(es):
- Chronological
- Thread