
Re: Slurpd over SSL



Oh yeah, this is TLS not SSL.

--Quanah

--On Wednesday, November 19, 2003 11:22 PM -0800 Quanah Gibson-Mount <quanah@stanford.edu> wrote:



--On Thursday, November 20, 2003 12:23 AM -0300 Estevam Viragh
<estevamviragh@yahoo.com.br> wrote:

TLS works for us.  Here is our MASTER's slapd.conf replica related def's:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

replica         host=ldap9.stanford.edu:389
                tls=yes bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
                saslmech=gssapi


Our ldap.conf (on both master and replicas) looks like:

BASE    dc=stanford, dc=edu

TLS_CACERT /etc/ldap/comodo-full.pem
TLS_CERT /etc/ldap/HOSTNAME.cert
TLS_KEY /etc/ldap/HOSTNAME.key
TLS_REQCERT try


Our REPLICA slapd.conf looks like:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

# Replica Directives

updatedn        cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref       ldaps://ldap-master.stanford.edu


--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
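
A way to check configurations like the ones quoted in this message, as an added example that is not part of the original post: it joins slapd.conf continuation lines, flags `replica` directives without a `tls=` option, and flags a `TLS_REQCERT` level weaker than `demand`. The hostnames, DN, password and function names are constructed for illustration.

```python
import shlex

# Constructed sample input modelled on the configs quoted above (placeholder names).
SLAPD_CONF = """\
replica         host=replica1.example.org:389
                tls=yes bindmethod=sasl
                saslmech=gssapi
replica         host=replica2.example.org:389
                bindmethod=simple credentials=secret
                binddn="cn=replicator,dc=example,dc=org"
"""
LDAP_CONF = "BASE dc=example,dc=org\nTLS_REQCERT try\n"

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and # comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(slapd_conf):
    """Flag replica directives that do not request TLS."""
    findings = []
    for line in logical_lines(slapd_conf):
        words = shlex.split(line)
        if words[0].lower() != "replica":
            continue
        opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        host = opts.get("host", "?")
        if "tls" not in opts:
            findings.append(f"{host}: no tls= option, updates travel in cleartext")
            if opts.get("bindmethod") == "simple":
                findings.append(f"{host}: simple bind password sent without TLS")
    return findings

def audit_reqcert(ldap_conf):
    """Flag a TLS_REQCERT level weaker than demand/hard."""
    level = "demand"  # libldap default when the option is absent
    for line in ldap_conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].upper() == "TLS_REQCERT":
            level = parts[1].lower()
    weak = level not in ("demand", "hard")
    return [f"TLS_REQCERT {level}: valid peer certificate not strictly required"] if weak else []
```

With `TLS_REQCERT try`, a session is terminated on a bad certificate but proceeds when no certificate is provided, which is why the check reports it.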


