[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd and TLS/SSL

To: openldap-software@OpenLDAP.org
Subject: Re: Slurpd and TLS/SSL
From: jseymour@linxnet.com (Jim Seymour)
Date: Thu, 13 Oct 2005 14:30:06 -0400 (EDT)
In-reply-to: <A44A7A6E9335B9542C38B559@cadabra-dsl.stanford.edu>

Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> 
> --On Thursday, October 13, 2005 12:34 PM -0400 Jim Seymour 
[snip]
> >
> > I tried "uri=https://host.example.com:389"; and that, too, failed
> > silently.
> 
> This would be SSL over port 389, not TLS over 389.

Yeah, I figured.

> 
> Also, ldap URI's use "ldaps://" or "ldap://"; not "https".  
[snip]

That was a typo in the email.  I actually had "ldaps://" in the 
config.  Sorry.

> 
> So if you want to use TLS, you'd use:
> 
> uri="ldap://...."; starttls=yes

Okay, here's the actual config, with only the hostname changed:

olcReplica: {0}uri=ldap://host.subdomain.example.com:389
  suffix="dc=example,dc=com"
  starttls=yes
  bindmethod=simple
  binddn="cn=replica,dc=example,dc=com"
  credentials="somepassword"
olcReplogFile: /usr/local/var/openldap-slurp/replog

This works, but does not result in an encrypted connection.

Thanks,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/scform.php>.

References:
- Re: Slurpd and TLS/SSL
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Slurpd and TLS/SSL
Next by Date: Re: Slurpd and TLS/SSL
Index(es):
- Chronological
- Thread