
Re: Secure replication via TLS/SSL



Hi,
James Shvarts wrote,

> Hello all,
> 
> I am using openldap-2.1.3 on Solaris 9 and have set up master and slave 
> instances to operate on high ports to be able to start them as non-root.
> 
> The master log has the following directive:
> 
> replica host=somemachine.columbia.edu:9050
>        binddn="cn=replicator,dc=myorg,dc=org"
>        bindmethod=simple credentials=xxxxx
>        tls=yes
> 
> 1) If the master is started with ldaps:// and the slave is ldap://, the 
> replication works, but I am still not convinced that the data is passed 
> securely using TLS. I tried logging this communication with a high debug 
> level but it is still unclear if the tls=yes makes any difference.

Take a network sniffing tool such as tcpdump or ethereal.

> 2) If both are ldaps://, the replication does not work.

Replication only works with the STARTTLS mechanism. Normal ldap port.

bye
  Waldemar

-- 
8485 D0CE 2743 656E 867C  5C93 0317 AFD8 BE21 BD90
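
Added example, not part of the original thread: a Python check for what a capture made with tcpdump or ethereal should show on the replication connection, telling a cleartext simple bind apart from a StartTLS upgrade or TLS from the first byte. The function names and the payload bytes are constructed for illustration; the input is assumed to be the client-to-server TCP payloads of one connection, in order.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"      # LDAP StartTLS extended operation
BIND_REQUEST, EXTENDED_REQUEST = 0x60, 0x77   # BER tags of the LDAP protocolOp

def tlv(tag, body):
    """Encode one BER element (short-form length, enough for the samples)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ldap_op(payload):
    """Return (op_tag, op_body) of a cleartext LDAPMessage, or None if not LDAP."""
    try:
        tag, msg, _ = read_tlv(payload)
        if tag != 0x30:                       # LDAPMessage is a BER SEQUENCE
            return None
        _, _, pos = read_tlv(msg)             # skip messageID
        op_tag, op_body, _ = read_tlv(msg, pos)
        return op_tag, op_body
    except IndexError:
        return None

def classify(client_payloads):
    """Classify the client-to-server payloads of one captured connection."""
    starttls_seen = False
    for data in client_payloads:
        if data[:2] == b"\x16\x03":           # TLS handshake record header
            return "starttls" if starttls_seen else "ldaps"
        op = ldap_op(data)
        if op and op[0] == BIND_REQUEST:
            return "cleartext-bind"           # DN and password readable on the wire
        if op and op[0] == EXTENDED_REQUEST and op[1].startswith(tlv(0x80, STARTTLS_OID)):
            starttls_seen = True
    return "unknown"

# Constructed sample payloads (not from a real capture).
msg_id = tlv(0x02, b"\x01")
simple_bind = tlv(0x30, msg_id + tlv(BIND_REQUEST, tlv(0x02, b"\x03")
    + tlv(0x04, b"cn=replicator,dc=myorg,dc=org") + tlv(0x80, b"xxxxx")))
starttls_req = tlv(0x30, msg_id + tlv(EXTENDED_REQUEST, tlv(0x80, STARTTLS_OID)))
client_hello = b"\x16\x03\x01\x00\x2f" + bytes(47)   # record header + dummy body
```

A "cleartext-bind" result means the replicator DN and its password crossed the wire unencrypted, including the case where a StartTLS request was sent but no TLS handshake followed it.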