[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: syncrepl 2.4 issue from 2.3 master
- To: Quanah Gibson-Mount <quanah@zimbra.com>
- Subject: Re: syncrepl 2.4 issue from 2.3 master
- From: FRLinux <frlinux@gmail.com>
- Date: Mon, 21 Sep 2009 10:02:46 +0100
- Cc: openldap <openldap-software@openldap.org>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=SZjHqWIcMMRvvkF1cyXyA4cGq5cg1PP9/WWuYuQgC3A=; b=WABH6cJLqo1l36vcNxe5cnxkkUFdCKD07mirT7T+Y/jsMMA4nkKgMlg6ZRtBZ5OjRi iQM043jWlhXWxVetcgCmEGk4oZvbSIEM7HQOKXOgSpl/b+yhUIOMAqmQRadoHlNihZQN G22iiD/yuR2DG8JLQR4HIAjyXGyDzrbkveZN4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=FevpaKWPPn4508Be8MgGF2F2cq42xEVUYTqEtmhxQc75jMeBBTeSt7fF6sxYx0HCnW D+RxWGpeiOyDp1M/BZ6zjC7ZdMNE7eeKgL5MC0mRHlwp2baE9yCJ40b9PVUEZyy/sLix 9pzH+krZVF53MI+OBFxHN5qzBQCjxCeQgklYA=
- In-reply-to: <85BFAE609A5FD6079FB960C0@192.168.1.199>
- References: <a8139f990909180929j42333d6ej3df60f34921564df@mail.gmail.com> <85BFAE609A5FD6079FB960C0@192.168.1.199>
On Fri, Sep 18, 2009 at 11:31 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> Read the 2.4 Admin guide to start, the TLS options for syncrepl are now part
> of the syncrepl stanza. You will want to configure it there.
Hello, quick one about this, i read this page:
http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl
The part I am wondering about is this: "by default the TLS parameters
from a ldap.conf(5) configuration file will be used. TLS settings may
be specified here, in which case any ldap.conf(5) settings will be
completely ignored"
So i do have a valid /etc/ldap.conf which contains references to TLS
cert and stuff, why do i need more settings in slapd.conf? Reason I am
asking is when i add this, in the syncrepl section, it fails saying
unknown directive:
[starttls=yes|critical]
[tls_cacert=<file>]
For info, this is my ldap.conf:
BASE dc=example, dc=com
URI ldaps://masterldap.example.com:636/
TLS_CACERT /etc/ldap/cert/cacert.pem
TLS_REQCERT demand
Cheers,
Steph