Re: Sync Replication via TLS/SSL - get bind err

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On December 20, 2007 7:45:13 PM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu> 
wrote:

> IMHO it is extremely harsh how the self-signed certs are treated by
> OpenLDAP. In the majority of cases this is forcing people (after many
> hours of struggling) to use "TLS_REQCERT never" or similar settings,
> which ends up being a lot more insecure than it would be to accept a
> known self-signed cert... Not to mention that the syncrepl suboption
> "tls_reqcert=never" is apparently ignored so practically I've found
> that syncrepl is currently inoperable with any form of encryption.
> Is there anybody who could tell me what this is good for?

Interestingly, plenty of people have gotten this to work.  First, you need 
to know how to create self-signed certs using a CA.  Of course, that's 
really off-topic for the OpenLDAP list, even though it has been discussed 
many times.  But until you know how to get that working, you won't be able 
to get the syncrepl client to work, either.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration