[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Slurpd over SSL
--On Thursday, November 20, 2003 12:23 AM -0300 Estevam Viragh
<estevamviragh@yahoo.com.br> wrote:
TLS works for us. Here is our MASTER's slapd.conf replica related def's:
# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile /etc/ldap/HOSTNAME.key
TLSCACertificateFile /etc/ldap/comodo-full.pem
replica host=ldap9.stanford.edu:389
tls=yes bindmethod=sasl
binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
saslmech=gssapi
Our ldap.conf (on both master and replica's) looks like:
BASE dc=stanford, dc=edu
TLS_CACERT /etc/ldap/comodo-full.pem
TLS_CERT /etc/ldap/HOSTNAME.cert
TLS_KEY /etc/ldap/HOSTNAME.key
TLS_REQCERT try
Our REPLICA slapd.conf looks like:
# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile /etc/ldap/HOSTNAME.key
TLSCACertificateFile /etc/ldap/comodo-full.pem
# Replica Directives
updatedn cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref ldaps://ldap-master.stanford.edu
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html