Re: slurpd and tls replication
Sarah,
Do you have a proper certificate or a self-signed one?
We use a self-signed one, and slurpd shows an error
with tls=critical, but works OK with tls=yes; however, it
doesn't encrypt the traffic.
Cheers
Dave
----- Original Message -----
From: "Sarah Hollings" <sarahhollings@optushome.com.au>
To: <openldap-software@OpenLDAP.org>
Sent: Saturday, March 22, 2003 5:19 PM
Subject: slurpd and tls replication
> Thanks for your assist - the problem *was* StartTLS vs SSL. I have now
> got replication working with StartTLS with the slave listening on 389,
> and confirmed that it does negotiate an encrypted connection.
>
> Here's the replica stanza from slapd.conf on the master:
>
> # For secure replication to work must have slave listening on standard
> # LDAP port (389) and compiled with --with-tls
> replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
>         binddn="cn=Replicator,dc=humanfactors,dc=uq,dc=edu,dc=au"
>         bindmethod=simple credentials=changed_to_protect_the_guilty
>
> I also put in the slave slapd.conf the directive:
> TLSCipherSuite HIGH:MEDIUM:+TLSv1
>
> This means our replication traffic is now not going over in the clear.
>
> Is it not possible to implement secure replication over normal SSL on
> port 636? Now I have TLS working, I don't need it, but was a bit of a
> red-herring in the hunt for a solution.
>
> Thanks again.
>
> Rgds,
>
>
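
The following check is an added example, not part of the original thread or of OpenLDAP: it audits `replica` stanzas for the settings discussed above (tls=yes versus tls=critical, simple bind, and StartTLS pointed at port 636). It assumes the slapd.conf(5) semantics in which tls=yes continues without TLS when StartTLS fails and tls=critical aborts; the example.org hosts and the function names are made up.

```python
import shlex

# Constructed sample: the master's replica stanza from the thread, plus two
# hypothetical variants (hosts under example.org are made up).
SAMPLE = '''\
replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
        binddn="cn=Replicator,dc=humanfactors,dc=uq,dc=edu,dc=au"
        bindmethod=simple credentials=changed_to_protect_the_guilty
replica host=slave2.example.org:636 tls=critical
        binddn="cn=Replicator,dc=example,dc=org"
        bindmethod=simple credentials=placeholder
replica host=slave3.example.org:389 tls=critical
        binddn="cn=Replicator,dc=example,dc=org"
        bindmethod=simple credentials=placeholder
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(text):
    """Return {host: [findings]} for every replica directive in text."""
    report = {}
    for line in logical_lines(text):
        words = shlex.split(line)
        if not words or words[0].lower() != "replica":
            continue
        opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        host = opts.get("host", "?")
        tls = opts.get("tls", "").lower()
        port = host.rpartition(":")[2] if ":" in host else "389"
        findings = []
        # Assumption (slapd.conf(5)): only tls=critical aborts if StartTLS fails.
        if tls != "critical":
            findings.append("StartTLS not enforced (tls=%s)" % (tls or "unset"))
            if opts.get("bindmethod") == "simple":
                findings.append("simple bind password may cross the wire in clear")
        if tls and port == "636":
            findings.append("StartTLS requested on port 636 (ldaps), not 389")
        report[host] = findings
    return report
```

Run against the stanza from the thread, `audit_replicas(SAMPLE)` flags the tls=yes replica for unenforced StartTLS with a simple bind, and flags the port 636 variant for mixing StartTLS with the ldaps port.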