
Re: Slurpd and TLS/SSL



Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> 
> --On Thursday, October 13, 2005 12:34 PM -0400 Jim Seymour 
[snip]
> >
> > I tried "uri=https://host.example.com:389" and that, too, failed
> > silently.
> 
> This would be SSL over port 389, not TLS over 389.

Yeah, I figured.

> 
> Also, ldap URIs use "ldaps://" or "ldap://", not "https".
[snip]

That was a typo in the email.  I actually had "ldaps://" in the 
config.  Sorry.

> 
> So if you want to use TLS, you'd use:
> 
> uri="ldap://...." starttls=yes

Okay, here's the actual config, with only the hostname changed:

olcReplica: {0}uri=ldap://host.subdomain.example.com:389
  suffix="dc=example,dc=com"
  starttls=yes
  bindmethod=simple
  binddn="cn=replica,dc=example,dc=com"
  credentials="somepassword"
olcReplogFile: /usr/local/var/openldap-slurp/replog

This works, but does not result in an encrypted connection.

Thanks,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/scform.php>.