[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl with ssl



Hi,

James <james@nttmcl.com> writes:

> Dieter Kluenter wrote:
>> "Dieter Kluenter" <dieter@dkluenter.de> writes:
>>
>>
>>> James <james@nttmcl.com> writes:
[...]
>>>>
>>> And what is the TLS part of the consumer slapd.conf looking like?
>>>
>>
>> Sorry, my fault, it should read ldap.conf
>>
>> -Dieter
>>
>>
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> nss_initgroups_ignoreusers
> root,ldap,named,avahi,haldaemon,postfix,messagebus
> URI ldaps://master.example.com
> BASE dc=example,dc=com
> ldap_version 3
> pam_password exop
> ssl on
> tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA
> tls_checkpeer no
> TLS_CACERT /etc/ssl/cacert.pem
> TLS_REQCERT allow

Most of this are not valid parameters for OpenLDAP. This file is a
mixture of pam_ldap.conf and openldap/ldap.conf

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6