
RE: Security, SSF and localhost lookups



> -----Original Message-----
> From: M Butcher [mailto:mbutcher@grcomputing.net]

> This makes sense. However, I can't get it to work.
> 
> Relevant part of ldap.conf:
> BASE    dc=mydomain,dc=net
> HOST    127.0.0.1
> 
> TLS_CACERT /usr/share/ssl/certs/cacert.pem
> TLS    hard
> 
> 
> Relevant part of slapd.conf:
> 	
> replica host=slave1.mydomain.net
>         tls=critical
>         binddn="cn=Replica,dc=mydomain,dc=net"
>         bindmethod=simple
>         credentials=secret
> 
> (Platform, BTW, is RH Linux 7.3 w/ OpenLDAP 2.1.17)
> 
> With this configuration, I never see traffic over LDAPS. E.g. using
> 'tcpdump host slave1.mydomain.net port ldaps' never logs any traffic,
> but doing the same thing on the ldap port shows a small amount of
> traffic -- enough to set up an SSL connection. But data is not getting
> replicated, and no errors are being reported in the logs.
> 
> Am I missing a step? Should tls=critical be removed? Do I need to
> manually set the port number to 636 in slapd.conf?

Yes, yes, and yes.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
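The three answers applied to the posted replica stanza, written out as an added example (not config from the thread); host name, bind DN and the placeholder password are the poster's own values:

```conf
# As posted: tls=critical asks slurpd for StartTLS on the plain ldap port (389),
# which matches what the poster saw: a short handshake on "port ldap" and no
# traffic at all on "port ldaps".
replica host=slave1.mydomain.net
        tls=critical
        binddn="cn=Replica,dc=mydomain,dc=net"
        bindmethod=simple
        credentials=secret

# Corrected per the reply: set the port to 636 explicitly and drop tls=critical,
# so the replica connection is made over LDAPS instead of StartTLS on 389.
# "secret" is the placeholder from the posted config, not a real credential.
replica host=slave1.mydomain.net:636
        binddn="cn=Replica,dc=mydomain,dc=net"
        bindmethod=simple
        credentials=secret
```

After restarting slurpd, the poster's own check, 'tcpdump host slave1.mydomain.net port ldaps', should now show the replication traffic on 636.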