Re: replica and ssl





--On Saturday, December 18, 2004 10:02 AM +0100 Ottavio Campana <ottavio@campana.vi.it> wrote:

Today I was thinking about replica and ssl.

When you copy the information from a master to a slave server, how is the
information moved? I mean, since I store passwords in an LDAP server, should
I do something special to protect them while they're replicated?

I've always configured the slave with something similar to

rootdn  "cn=admin,dc=qualcosa"
rootpw  "passwordcopia"

updatedn "cn=admin,dc=qualcosa"
updateref "ldap://serveroriginale"

and the master with something like

replogfile      /var/lib/ldap/replog

replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia

Should I use something like host=ldaps://servercopia:636 in the master
and updateref "ldaps://serveroriginale:636" in the slave to use ssl and
be secure?

You could leave it on port 389, use TLS, and be just as secure.

replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia starttls=critical


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
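
Added example (not part of the original thread and not OpenLDAP code): a small Python check that parses slapd.conf-style text, joins continuation lines, and reports which replica directives enforce TLS through starttls=critical or an ldaps:// target. The sample config is constructed from the directives quoted above; the uri=ldaps:// line and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample: the thread's master config, the reply's fix, an assumed ldaps variant.
SAMPLE = '''\
replogfile      /var/lib/ldap/replog
replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia
replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia starttls=critical
replica uri=ldaps://servercopia:636 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    current = None
    for raw in text.splitlines():
        if raw.lstrip().startswith("#") or not raw.strip():
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def audit_replicas(text):
    """Return a (target, verdict) pair for every replica directive."""
    results = []
    for line in logical_lines(text):
        tokens = shlex.split(line)  # strips the quotes around binddn
        if tokens[0].lower() != "replica":
            continue
        opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        target = opts.get("uri") or opts.get("host", "?")
        if target.lower().startswith("ldaps://"):
            verdict = "ok: TLS from connect (ldaps)"
        elif opts.get("starttls", "").lower() == "critical":
            verdict = "ok: StartTLS required"
        else:  # any other starttls value is treated as not enforced
            verdict = "EXPOSED: no TLS enforced"
            if opts.get("bindmethod", "").lower() == "simple":
                verdict += ", simple-bind password sent in cleartext"
        results.append((target, verdict))
    return results

if __name__ == "__main__":
    print(*("%-26s %s" % r for r in audit_replicas(SAMPLE)), sep="\n")
```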