
Re: Slurpd and TLS/SSL



Jim Seymour wrote:
Remember that slurpd is an LDAP client, not an LDAP server. It only extracts a few bits of info out of slapd.conf, the rest of its configuration (including TLS parameters) must be set via ldap.conf.

Got here O'Reilly's "LDAP System Administration" (now rather out-of-date, but still useful) and the OpenLDAP.org admin guide. Neither mentions anything about ldap.conf in relation to replication.

Is now the point at which I mention I'm more confused than ever?

In that case, now would be the point to say RTFM. From the slurpd(8) man page, DESCRIPTION section:

Note that slurpd reads *replication* directive from *slapd.conf*(5), but uses *ldap.conf*(5) to obtain other configuration settings (such as TLS settings).

I would also mention that as far as I know, nobody working on that O'Reilly book ever contacted anyone on the OpenLDAP project re: reviewing its content. (And yes, we have done so when asked by other authors in the past.) As such, the book's technical accuracy and best-practice suggestions are somewhat questionable.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
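
A check that follows from the man page passage quoted above, as an added example that is not part of the original thread or of OpenLDAP: it finds replica directives in slapd.conf that use ldaps:// or StartTLS and reports whether ldap.conf carries the TLS settings slurpd would rely on. The file contents, host names and function names are constructed for illustration, and accepting both `tls=` and `starttls=` as the StartTLS keyword is an assumption about differing slapd.conf versions.

```python
import re

# Constructed sample files, not taken from the thread.
SLAPD_CONF = """\
replogfile /var/lib/ldap/replog
replica uri=ldap://replica1.example.com:389
        starttls=critical
        binddn="cn=replicator,dc=example,dc=com"
        bindmethod=simple credentials=CHANGEME
replica host=replica2.example.com:389 bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com" credentials=CHANGEME
"""
LDAP_CONF = "# constructed ldap.conf\nTLS_REQCERT never\n"

def logical_lines(text):
    """Join slapd.conf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def tls_replicas(slapd_conf):
    """Return the targets of replica directives that use ldaps:// or StartTLS."""
    found = []
    for line in logical_lines(slapd_conf):
        if not line.lower().startswith("replica "):
            continue
        target = re.search(r"\b(?:uri|host)=(\S+)", line, re.I)
        # Assumption: the StartTLS keyword is tls= or starttls=, depending on version.
        uses_tls = re.search(r"\buri=ldaps://|\b(?:start)?tls=(?:yes|critical)\b", line, re.I)
        if target and uses_tls:
            found.append(target.group(1))
    return found

def audit(slapd_conf, ldap_conf):
    """Problems with the ldap.conf TLS settings the TLS replicas depend on."""
    pairs = (l.split(None, 1) for l in ldap_conf.splitlines() if not l.lstrip().startswith("#"))
    opts = {p[0].upper(): p[1].strip() for p in pairs if len(p) == 2}
    problems = []
    if tls_replicas(slapd_conf):
        if not {"TLS_CACERT", "TLS_CACERTDIR"} & opts.keys():
            problems.append("no TLS_CACERT or TLS_CACERTDIR set")
        if opts.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
            problems.append("TLS_REQCERT does not enforce certificate checks")
    return problems
```

It inspects only the ldap.conf text passed to it, so run it against the file that the account running slurpd actually reads.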