[Date Prev][Date Next] [Chronological] [Thread] [Top]

replication and tls

To: openldap-software@OpenLDAP.org
Subject: replication and tls
From: richard lucassen <mailinglists@lucassen.org>
Date: Sat, 13 May 2006 17:15:13 +0200
Organization: XAQ Systems

Hello list,

Using version 2.2.23 (Debian Sarge) with slurpd-replication, I see that
the certificates are exchanged and replication works, but the
replicator's username/pass is passing cleartext over the line.

-- master slapd.conf:
replica uri=ldap://ldapslave.example.com starttls=yes
        binddn=cn=replicator,dc=example,dc=com
        bindmethod=simple credentials=secret

-- master ldap.conf:
TLS_CACERT /etc/ldap/cacert.crt


-- slave slapd.conf
TLSCACertificateFile /etc/ldap/cacert.crt
TLSCertificateFile /etc/ldap/ldapslave.example.com-cert.pem
TLSCertificateKeyFile /etc/ldap/ldapslave.example.com-key.pem

When connecting to the servers (master and slave) with gq, tls is
working. Anyone a hint?

Richard.

-- 
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+

Follow-Ups:
- Re: replication and tls
  - From: "Francisco Saito" <fksaito@gmail.com>

Prev by Date: Re: Please test OPENLDAP_REL_ENG_2_3
Next by Date: Re: replication and tls
Index(es):
- Chronological
- Thread