
RE: Security, SSF and localhost lookups



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of M Butcher

> It occurs to me that the main reason I have port 389 open is so that I
> can do replication. I couldn't figure out how to do it over LDAPS, so I
> configured it to use LDAP with tls=critical.
>
> If there is a way to do replication over LDAPS, then I can probably get
> around the security settings that way.
>
> Is there a way to do that?

Yes, but not using slapd.conf. See the ldap.conf(5) manpage, look at the TLS
option. If you set it to "yes" then all LDAP connections will be opened as
LDAPS sessions instead. You can set this in an environment variable before
slurpd starts, or you can set it in an "ldaprc" file stored in the directory
where slurpd executes.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support