
RE: Authenticated replication with TLS



Read the Admin Guide http://www.openldap.org/doc/admin21/tls.html and
ldap.conf(5). You need to set up a .ldaprc file for slurpd that tells where to
find the cert and private key that slurpd will use. You don't have to tell
SASL anything about this stuff, SASL/EXTERNAL is mostly a no-op as far as the
SASL library goes. It all depends on your .ldaprc file.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jani
> Patokallio
> Sent: Thursday, October 24, 2002 2:05 AM
> To: openldap-software@OpenLDAP.org
> Subject: Authenticated replication with TLS
>
>
> Greetings,
>
> Despite quite a bit of searching on the Web, I've been unable to
> figure out exactly how I'm supposed to do authenticated replication
> through SASL EXTERNAL and TLS.  The OpenLDAP part of the server's
> configuration seems clear enough...
>
> replica bindmethod=sasl
>         mech=EXTERNAL
>         authcid=[myID]
>
> ...but how do I tell SASL where to find the server's key,
> certificates, etc?
> Could somebody with a working setup share their config files?
>
> FWIW, I'm using OpenLDAP 2.1.8 with Cyrus SASL 1.5.4, and have managed to
> get TLS and client-server authentication running quite happily.
>
> Cheers,
> --
> Jani Patokallio >0._, unction of my function. urge. urging of
> my purging.
> jpatokal@iki.fi  `..' nip. nip of my snip. now. now. now of
> my enow. NOW.
>
>
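
As an added example (not part of the original messages and not OpenLDAP's own code), the script below writes a constructed .ldaprc with the TLS_CACERT, TLS_CERT and TLS_KEY options from ldap.conf(5), then checks that each is set and readable and that the private key is closed to group and other. The file names, the scratch directory and the helper functions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write and lint a .ldaprc for slurpd's TLS client identity.
# File names and the scratch directory are constructed placeholders.

# Constructed sample: a .ldaprc plus empty stand-ins for the PEM files.
make_sample() {
    d=$1
    : > "$d/ca.pem"; : > "$d/slurpd-cert.pem"; : > "$d/slurpd-key.pem"
    chmod 600 "$d/slurpd-key.pem"
    cat > "$d/.ldaprc" <<EOF
# CA used to verify the replica server's certificate
TLS_CACERT $d/ca.pem
# Certificate and private key slurpd presents for SASL/EXTERNAL
TLS_CERT   $d/slurpd-cert.pem
TLS_KEY    $d/slurpd-key.pem
EOF
}

# Print the last value given for option $2 in file $1 (names are
# case-insensitive; comment lines never match because $1 is "#").
ldaprc_get() {
    awk -v opt="$2" 'toupper($1) == opt { v = $2 } END { print v }' "$1"
}

# Return 0 when CA, cert and key are set, readable, and the key is private.
check_ldaprc() {
    rc=$1; status=0
    for opt in TLS_CACERT TLS_CERT TLS_KEY; do
        path=$(ldaprc_get "$rc" "$opt")
        if [ -z "$path" ]; then
            echo "$opt: not set"; status=1
        elif [ ! -r "$path" ]; then
            echo "$opt: $path is not readable"; status=1
        fi
    done
    key=$(ldaprc_get "$rc" TLS_KEY)
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -e "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "TLS_KEY: $key is accessible to group or other"; status=1
    fi
    return $status
}

# Demo on constructed files.
demo=$(mktemp -d) && make_sample "$demo" &&
    check_ldaprc "$demo/.ldaprc" && echo "ldaprc OK"
rm -rf "$demo"
```

Point `check_ldaprc` at the real .ldaprc of the account slurpd runs under before enabling `bindmethod=sasl` with `mech=EXTERNAL` on the replica line.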