
Re: Slurpd over SSL





--On Thursday, November 20, 2003 12:23 AM -0300 Estevam Viragh <estevamviragh@yahoo.com.br> wrote:

TLS works for us.  Here are our MASTER's slapd.conf replica-related defs:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

replica         host=ldap9.stanford.edu:389
                tls=yes bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu saslmech=gssapi


Our ldap.conf (on both master and replicas) looks like:

BASE    dc=stanford, dc=edu

TLS_CACERT /etc/ldap/comodo-full.pem
TLS_CERT /etc/ldap/HOSTNAME.cert
TLS_KEY /etc/ldap/HOSTNAME.key
TLS_REQCERT try


Our REPLICA slapd.conf looks like:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

# Replica Directives

updatedn        cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref       ldaps://ldap-master.stanford.edu


--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
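
Added example, not part of the original message and not OpenLDAP code: a small audit of the replica and ldap.conf settings shown above that reports TLS options which do not fail closed. It assumes the slapd.conf(5) semantics that tls=critical aborts the session when StartTLS fails while tls=yes continues without TLS, and the ldap.conf(5) default of TLS_REQCERT demand; the function names and the embedded sample text are constructed for illustration.

```python
# Constructed inputs modelled on the master slapd.conf and ldap.conf in the post.
SLAPD_CONF = """\
# this is specific to HOSTNAME.stanford.edu
TLSCACertificateFile    /etc/ldap/comodo-full.pem
replica         host=ldap9.stanford.edu:389
                tls=yes bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu saslmech=gssapi
"""
LDAP_CONF = "TLS_CACERT /etc/ldap/comodo-full.pem\nTLS_REQCERT try\n"


def directives(text):
    """Return (name, args) pairs; a line starting with whitespace continues the previous one."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and joined:
            joined[-1] += " " + line.strip()
        else:
            joined.append(line.strip())
    return [tuple((d.split(None, 1) + [""])[:2]) for d in joined]


def audit(slapd_conf, ldap_conf):
    """List settings that let replication proceed without a verified TLS session."""
    findings = []
    for name, args in directives(slapd_conf):
        if name.lower() != "replica":
            continue
        # Simple key=value split; quoted values containing spaces are not handled.
        params = dict(p.split("=", 1) for p in args.split() if "=" in p)
        target = params.get("host") or params.get("uri", "?")
        tls = params.get("tls", "").lower()
        if target.startswith("ldaps://") or tls == "critical":
            continue
        state = f"tls={tls}" if tls else "no tls= parameter"
        findings.append(f"replica {target}: {state}, session may continue without TLS")
    client = {n.upper(): a.strip().lower() for n, a in directives(ldap_conf)}
    reqcert = client.get("TLS_REQCERT", "demand")  # demand is the documented default
    if reqcert not in ("demand", "hard"):
        findings.append(f"ldap.conf: TLS_REQCERT {reqcert} is weaker than demand")
    return findings


if __name__ == "__main__":
    for finding in audit(SLAPD_CONF, LDAP_CONF):
        print(finding)
```
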