Re: Slurpd and TLS/SSL
Quanah Gibson-Mount <quanah@stanford.edu> wrote:
>
> --On Thursday, October 13, 2005 12:34 PM -0400 Jim Seymour
[snip]
> >
> > I tried "uri=https://host.example.com:389" and that, too, failed
> > silently.
>
> This would be SSL over port 389, not TLS over 389.
Yeah, I figured.
>
> Also, ldap URIs use "ldaps://" or "ldap://" not "https".
[snip]
That was a typo in the email. I actually had "ldaps://" in the
config. Sorry.
>
> So if you want to use TLS, you'd use:
>
> uri="ldap://...." starttls=yes
Okay, here's the actual config, with only the hostname changed:
olcReplica: {0}uri=ldap://host.subdomain.example.com:389
  suffix="dc=example,dc=com"
  starttls=yes
  bindmethod=simple
  binddn="cn=replica,dc=example,dc=com"
  credentials="somepassword"
olcReplogFile: /usr/local/var/openldap-slurp/replog
This works, but does not result in an encrypted connection.
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/scform.php>.
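
Added example, not part of the original message or of OpenLDAP: a small Python check that maps the replica settings discussed in this thread (URI scheme, port, starttls=, bindmethod=) to the transport they request. It assumes the slapd.conf(5) semantics in which starttls=yes proceeds without TLS when the StartTLS operation fails and starttls=critical aborts instead; the function names and the sample string are constructed for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample: the olcReplica value from the message, joined onto one line.
SAMPLE = ('{0}uri=ldap://host.subdomain.example.com:389 suffix="dc=example,dc=com" '
          'starttls=yes bindmethod=simple binddn="cn=replica,dc=example,dc=com" '
          'credentials="somepassword"')

def parse_replica(value):
    """Split a replica directive value into a dict of key=value parameters."""
    value = re.sub(r"^\{\d+\}", "", value.strip())  # drop cn=config ordering prefix
    params = {}
    for token in shlex.split(value):                # honours the double quotes
        key, sep, val = token.partition("=")
        if sep:
            params[key.lower()] = val
    return params

def audit_replica(value):
    """Return (transport, findings) for one replica directive value."""
    p = parse_replica(value)
    url = urlsplit(p.get("uri", ""))
    scheme = url.scheme.lower()
    starttls = p.get("starttls", "").lower()
    findings = []
    if scheme not in ("ldap", "ldaps"):
        return "invalid", ["scheme %r is not ldap:// or ldaps://" % scheme]
    if scheme == "ldaps":
        transport = "ldaps"
        if url.port == 389:
            findings.append("ldaps:// on 389 is SSL on the cleartext port, not StartTLS")
    elif starttls == "critical":
        transport = "starttls-required"   # assumed: session aborted if StartTLS fails
    elif starttls == "yes":
        transport = "starttls-opportunistic"
        findings.append("starttls=yes continues in cleartext if StartTLS fails")
    else:
        transport = "cleartext"
        findings.append("no TLS requested")
    if transport in ("cleartext", "starttls-opportunistic") and p.get("bindmethod") == "simple":
        findings.append("simple bind password can cross the wire unencrypted")
    return transport, findings

if __name__ == "__main__":
    print(audit_replica(SAMPLE))
```
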