[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: syncrepl with ssl
James <james@nttmcl.com> writes:
> Dieter Kluenter wrote:
>> Hi,
>>
>> James <james@nttmcl.com> writes:
>>
>>
>>> Dieter Kluenter wrote:
>>>
>>>> "Dieter Kluenter" <dieter@dkluenter.de> writes:
>>>>
>>>>
>>>>
>>>>> James <james@nttmcl.com> writes:
>>>>>
>> [...]
>>
>>>>> And what is the TLS part of the consumer slapd.conf looking like?
>>>>>
>>>>>
>>>> Sorry, my fault, it should read ldap.conf
>>>>
>>>> -Dieter
>>>>
>>>>
>>>>
>>> timelimit 120
>>> bind_timelimit 120
>>> idle_timelimit 3600
>>> nss_initgroups_ignoreusers
>>> root,ldap,named,avahi,haldaemon,postfix,messagebus
>>> URI ldaps://master.example.com
>>> BASE dc=example,dc=com
>>> ldap_version 3
>>> pam_password exop
>>> ssl on
>>> tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
>>> tls_checkpeer no
>>> TLS_CACERT /etc/ssl/cacert.pem
>>> TLS_REQCERT allow
>>>
>>
>> Most of this are not valid parameters for OpenLDAP. This file is a
>> mixture of pam_ldap.conf and openldap/ldap.conf
> does that cause problems? because i just symlink libnss-ldap.conf and
> pam_ldap.conf to ldap.conf for ease of management
> If it does cause problems can you give me an example of what to
> separate out where?
It may cause problems in so far, that clients may refuse to recognise
the file contents as valid parameters.
You may strace or truss the slapd pid to view the files opend and
read.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6