Re: Slurp SSL replication
Pierangelo Masarati wrote:
> Mike Nuss wrote:
> > Hi,
> > I'm trying to set up slurp replication, which is something I haven't
> > done before. I have it working fine over port 389 with plaintext,
> > but for obvious security reasons I would like to have that traffic
> > encrypted. I'm using openldap 2.0.27, which I'm told doesn't support
> > the replica uri=ldaps://host.domain.tld/ syntax, so my master
> > slapd.conf looks like this:
> >
> > replica host=x.ammasso.com:636 tls=yes
> >         bindmethod=simple credentials=secret
> >         binddn="cn=x,o=Ammasso,c=US"
>
> This topic has been discussed hundreds of times; please check in the
> archives. I don't know if it works with 2.0, though, but TLS is
> performed on port 389 (or at least on a port that listens for plain
> ldap, not ldaps). So don't use ":636", leave it at ":389", and use
> tls=critical, otherwise, your connection will go unencrypted with
> little warning if TLS fails.

Wow. That was easy! :-)
Thanks,
Mike Nuss
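
Added example (not part of the original thread, and not OpenLDAP code): a small Python check that applies the advice quoted above to `replica` directives in a master slapd.conf. The function names and the second sample directive are constructed for illustration, and the parser assumes slapd.conf's rule that a line beginning with whitespace continues the previous line.

```python
import shlex

# Constructed sample: the directive from the question, followed by the
# form the reply recommends (port 389, tls=critical).
SAMPLE_CONF = '''\
replica host=x.ammasso.com:636 tls=yes
        bindmethod=simple credentials=secret
        binddn="cn=x,o=Ammasso,c=US"
replica host=x.ammasso.com:389 tls=critical
        bindmethod=simple credentials=secret
        binddn="cn=x,o=Ammasso,c=US"
'''

def logical_lines(text):
    """Join continuation lines; skip blank lines and # comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def audit_replicas(text):
    """Return a list of (host, findings) for every replica directive."""
    results = []
    for line in logical_lines(text):
        tokens = shlex.split(line)  # handles the quoted binddn value
        if not tokens or tokens[0].lower() != "replica":
            continue
        opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        host = opts.get("host", "")
        port = host.rpartition(":")[2] if ":" in host else "389"
        tls = opts.get("tls", "").lower()
        findings = []
        if tls != "critical":
            # Per the reply: anything weaker continues in plaintext if TLS fails.
            findings.append("tls=%s: not critical, plaintext fallback possible" % (tls or "<unset>"))
        if tls and port == "636":
            # Per the reply: tls= is negotiated on a plain ldap port, not ldaps.
            findings.append("tls= with port 636: use a plain ldap port such as 389")
        results.append((host, findings))
    return results

if __name__ == "__main__":
    for host, findings in audit_replicas(SAMPLE_CONF):
        print(host, "OK" if not findings else "; ".join(findings))
```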