[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd and TLS/SSL



Howard Chu <hyc@symas.com> wrote:
> 
[snip]
> 
> All that matters is that both servers are properly configured to 
> recognize/accept each other's certs. However, it's usually a bad idea to 
> use self-signed certs for servers. Any time you need to use more than 
> one cert you should create an actual CA cert and use it to sign all the 
> others that you'll use.
[snip]

All in good time.  But thanks for the suggestion.

> Remember that slurpd is an LDAP client, not an LDAP server. It only 
> extracts a few bits of info out of slapd.conf, the rest of its 
> configuration (including TLS parameters) must be set via ldap.conf.

Got here O'Reilly's "LDAP System Administration" (now rather
out-of-date, but still useful) and the OpenLDAP.org admin guide.
Neither mentions anything about ldap.conf in relation of replication.

Is now the point at which I mention I'm more confused than ever?

Jim