[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: N-Way Multi-Master TLS problem

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Antw: N-Way Multi-Master TLS problem
From: Patrick Lists <openldap-list@puzzled.xs4all.nl>
Date: Wed, 31 Jul 2013 20:44:50 +0200
In-reply-to: <51F8FA0B020000A100012116@gwsmtp1.uni-regensburg.de>
References: <51F8A739.8030207@puzzled.xs4all.nl> <51F8FA0B020000A100012116@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130625 Thunderbird/17.0.7

On 07/31/2013 11:50 AM, Ulrich Windl wrote:

Hi!

I had the same problem, and I found a solution:

In config, don't use the host name as filename for the certificate/key, but use the service name (like "slapd"). Then (the confusing part), store the server's certificate in that "slapd" file. So even if the file name is the same on every server, the file's contents are different.

I use (SLES11, your paths may vary):

olcTLSCertificateFile: /etc/ssl/servercerts/slapd.pem
olcTLSCertificateKeyFile: /etc/ssl/private/slapd.key
olcTLSCACertificatePath: /etc/ssl/certs

Here that works fine, but I feel documentation should talk about that also.

Wow that certainly is a solution I did not see coming. Thanks! I think Igot it working now :-) IMHO it sounds like a bug to me. Never seen sucha requirement for a TLS config.


Thanks again, much appreciated!

Regards,
Patrick

References:
- N-Way Multi-Master TLS problem
  - From: Patrick Lists <openldap-list@puzzled.xs4all.nl>

Prev by Date: Re: Unique overlay not working, where is the misconfiguration ? [Debian 7 - 2.4.31]
Next by Date: Re: Unique overlay not working, where is the misconfiguration ? [Debian 7 - 2.4.31]
Index(es):
- Chronological
- Thread