[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replica and ssl

To: Ottavio Campana <ottavio@campana.vi.it>, openldap-software@OpenLDAP.org
Subject: Re: replica and ssl
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Sat, 18 Dec 2004 08:59:39 -0800
Content-disposition: inline
In-reply-to: <41C3F208.4000503@campana.vi.it>
References: <41C3F208.4000503@campana.vi.it>

--On Saturday, December 18, 2004 10:02 AM +0100 Ottavio Campana <ottavio@campana.vi.it> wrote:

Today I was thinking about replica and ssl.

When you copy the information from a master to a slave server how is the
information moved? I mean, for I store password in a ldap server, should
I do something special to protect them while they're replicated?

I've always configured the slave with something similar to

rootdn  "cn=admin,dc=qualcosa"
rootpw  "passwordcopia"

updatedn "cn=admin,dc=qualcosa"
updateref "ldap://serveroriginale";

and the master with something like

replogfile      /var/lib/ldap/replog

replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia

Should I use something like host=ldaps://servercopia:636 in them amster
and updateref "ldaps://serveroriginale:636" in the slave to use ssl and
be secure?


You could leave it on port 389, use TLS, and be just as secure.

replica host=servercopia:389 binddn="cn=admin,dc=qualcosa"
         bindmethod=simple credentials=passwordcopia starttls=critical


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: replica and ssl
  - From: Michael Ströder <michael@stroeder.com>

References:
- replica and ssl
  - From: Ottavio Campana <ottavio@campana.vi.it>

Prev by Date: replica and ssl
Next by Date: Always about replica server
Index(es):
- Chronological
- Thread