slurpd and tls replication
Thanks for your assist - the problem *was* StartTLS vs SSL. I have now
got replication working with StartTLS with the slave listening on 389,
and confirmed that it does negotiate an encrypted connection.
Here's the replica stanza from slapd.conf on the master:
# For secure replication to work must have slave listening on standard
# LDAP port (389) and compiled with --with-tls
replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
        binddn="cn=Replicator,dc=humanfactors,dc=uq,dc=edu,dc=au"
        bindmethod=simple credentials=changed_to_protect_the_guilty
I also put in the slave slapd.conf the directive:
TLSCipherSuite HIGH:MEDIUM:+TLSv1
This means our replication traffic is now not going over in the clear.
Is it not possible to implement secure replication over normal SSL on
port 636? Now I have TLS working, I don't need it, but it was a bit of a
red herring in the hunt for a solution.
Thanks again.
Rgds,
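
An added example, not part of the original message or of OpenLDAP: a small Python audit of `replica` stanzas like the one above, reporting which of them would send the simple-bind password without StartTLS or request StartTLS on port 636. The sample config is constructed, and the distinction between `tls=yes` (continues in cleartext if StartTLS fails) and `tls=critical` (aborts) is an assumption taken from slapd.conf(5), not from this thread.

```python
import shlex

# Constructed sample; hosts, DN and password are placeholders.
SAMPLE_CONF = '''\
replica host=replica1.example.org:389 tls=yes
    bindmethod=simple credentials=placeholder binddn="cn=Replicator,dc=example,dc=org"
replica host=replica2.example.org:389
    bindmethod=simple credentials=placeholder binddn="cn=Replicator,dc=example,dc=org"
replica host=replica3.example.org:636 tls=critical
    bindmethod=simple credentials=placeholder binddn="cn=Replicator,dc=example,dc=org"
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their directive."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def audit_replicas(text):
    """Return (host, finding) for every replica directive in a slapd.conf."""
    findings = []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() != "replica":
            continue
        opts = {k.lower(): v for k, v in
                (t.split("=", 1) for t in tokens[1:] if "=" in t)}
        host, tls = opts.get("host", "?"), opts.get("tls", "").lower()
        if tls and host.endswith(":636"):  # 636 is conventionally SSL-on-connect
            finding = "mismatch: StartTLS requested on the SSL port"
        elif tls == "critical":
            finding = "ok: StartTLS required"
        elif tls == "yes":  # assumption: non-critical falls back to cleartext
            finding = "weak: StartTLS tried, cleartext fallback assumed"
        elif opts.get("bindmethod", "").lower() == "simple":
            finding = "cleartext: simple bind password exposed"
        else:
            finding = "cleartext: no TLS requested"
        findings.append((host, finding))
    return findings
```

Call `audit_replicas(open("slapd.conf").read())` on the master's config; continuation lines must keep their leading whitespace for a stanza to be read as one directive.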