
Re: slurpd and tls replication



Sarah,

Do you have a proper certificate or a self signed one?

We use a self-signed one, and slurpd shows an error
with tls=critical, but works OK with tls=yes; however, it
doesn't encrypt the traffic.

Cheers
Dave

----- Original Message ----- 
From: "Sarah Hollings" <sarahhollings@optushome.com.au>
To: <openldap-software@OpenLDAP.org>
Sent: Saturday, March 22, 2003 5:19 PM
Subject: slurpd and tls replication


> Thanks for your assist - the problem *was* StartTLS vs SSL.  I have now 
> got replication working with StartTLS with the slave listening on 389, 
> and confirmed that it does negotiate an encrypted connection.
> 
> Here's the replica stanza from slapd.conf on the master:
> 
> # For secure replication to work must have slave listening on standard
> # LDAP port (389) and compiled with --with-tls
> replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
>          binddn="cn=Replicator,dc=humanfactors,dc=uq,dc=edu,dc=au"
>          bindmethod=simple credentials=changed_to_protect_the_guilty
> 
> I also put in the slave slapd.conf the directive:
>      TLSCipherSuite HIGH:MEDIUM:+TLSv1
> 
> This means our replication traffic is now not going over in the clear.
> 
> Is it not possible to implement secure replication over normal SSL on
> port 636?  Now I have TLS working, I don't need it, but it was a bit of a
> red herring in the hunt for a solution.
> 
> Thanks again.
> 
> Rgds,
> 
>
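
The following audit script is an added example, not part of either message or of OpenLDAP itself. It parses `replica` stanzas like the one quoted above and flags those where replication can fall back to cleartext. It assumes the slapd.conf(5) semantics that `tls=yes` continues without TLS when StartTLS fails while `tls=critical` aborts, which matches the behaviour reported in this thread; the hostnames, DN and credentials in the sample are constructed placeholders.

```python
import shlex

# Constructed sample modelled on the stanza quoted above; all values are placeholders.
SAMPLE_CONF = '''\
# master slapd.conf (constructed sample)
replica host=slave1.example.org:389 tls=yes
         binddn="cn=Replicator,dc=example,dc=org"
         bindmethod=simple credentials=PLACEHOLDER
replica host=slave2.example.org:389 tls=critical
         binddn="cn=Replicator,dc=example,dc=org" bindmethod=simple credentials=PLACEHOLDER
replica host=slave3.example.org:636 tls=critical
         binddn="cn=Replicator,dc=example,dc=org" bindmethod=simple credentials=PLACEHOLDER
'''

def parse_replicas(text):
    """Join continuation lines (leading whitespace) and return replica stanzas as dicts."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # continuation of the previous directive
        else:
            logical.append(raw.strip())
    stanzas = []
    for line in logical:
        words = shlex.split(line)  # honours the quotes around binddn
        if words[0].lower() == "replica":
            stanzas.append(dict(w.split("=", 1) for w in words[1:] if "=" in w))
    return stanzas

def audit(stanza):
    """Return a list of findings for one replica stanza (empty list means no finding)."""
    findings = []
    port = stanza.get("host", "").partition(":")[2]
    tls = stanza.get("tls", "").lower()
    if tls != "critical":
        findings.append("tls=%s: replication can proceed unencrypted" % (tls or "unset"))
        if stanza.get("bindmethod", "").lower() == "simple":
            findings.append("simple bind credentials may cross the wire in cleartext")
    if tls and port == "636":
        findings.append("StartTLS requested on port 636 (usually an SSL listener)")
    return findings

if __name__ == "__main__":
    for s in parse_replicas(SAMPLE_CONF):
        print(s.get("host"), audit(s) or ["ok"])
```

A clean result only says the stanza demands TLS; confirming that the session is actually encrypted still takes a packet capture on the replication link, as the original poster did.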