[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Sync Replication via TLS/SSL - get bind err

To: "Chris G. Sellers" <chris.sellers@nitle.org>, openldap-software@openldap.org
Subject: Re: Sync Replication via TLS/SSL - get bind err
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 20 Dec 2007 08:54:19 -0800
Content-disposition: inline
In-reply-to: <D278B031-92C5-4440-A308-B774FAF97C12@nitle.org>
References: <D278B031-92C5-4440-A308-B774FAF97C12@nitle.org>

--On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers" <chris.sellers@nitle.org> wrote:

which suggests that the connection could not be made on port 389 via TLS.
I can't figure out how to tell the repl connection to send a certificate.
Do I have to setup a user in LDAP with a cert?  Do I put a client cert
into the syncrepl section of the slapd.conf file on the slave?   Please
advise.

You are confused. LDAPv3 startTLS is used to encrypt connections over port 389 (or other ports). The Ldapv2 HACK to do TLS over port 636 (ldaps://) is the other way of doing SSL encryption. You are mixing these two very different mechanisms.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Sync Replication via TLS/SSL - get bind err
  - From: "Chris G. Sellers" <Chris.Sellers@nitle.org>

References:
- Sync Replication via TLS/SSL - get bind err
  - From: "Chris G. Sellers" <chris.sellers@nitle.org>

Prev by Date: Sync Replication via TLS/SSL - get bind err
Next by Date: Re: very slow queries sometimes with alias deref always and scope sub
Index(es):
- Chronological
- Thread