
Re: syncrepl with x509 certificates



Alex Samad wrote:
Hi

I am trying to build a network of ldap nodes synced with syncrepl using x509
certificates.

I ran into a problem when I set up the first slave node: I created a certificate
that did not have the SSL Client purpose, but did have the SSL Server purpose. I am
presuming it is this, because of 2 certificates made exactly the same way, 1 fails
(the one without SSL Client) and the other works (the one that has the SSL Client
purpose).

I am presuming that I need both purposes, SSL Server and SSL Client - the former
to allow ldaps usage and the latter for making ldap requests and being a client
in a syncrepl scenario.

Is there

a) a way to specify another certificate to use in the syncrepl config

In OpenLDAP 2.4, yes. Read the manpage.

b) a way to not check for the SSL Client purpose in the certificate

That's a function of the SSL library; I would guess not.

For now I am going to create one that has both purposes ...

Alex



--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
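
The purpose check discussed in this thread can be reproduced with the openssl command-line tool. The script below is an added example, not from either poster or the OpenLDAP project; it assumes OpenSSL 1.1.0 or later and that the purposes come from the extendedKeyUsage extension, and every name and certificate in it is constructed.

```bash
#!/usr/bin/env bash
# Added illustration: throwaway CA plus two leaf certificates, all constructed.
# Assumes the openssl command-line tool (1.1.0 or later) is on PATH.
set -eu

# make_ca <dir>: self-signed demo CA with an explicit CA:TRUE constraint.
make_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert <dir> <name> <extendedKeyUsage list>: leaf signed by the demo CA.
issue_cert() {
    printf 'extendedKeyUsage = %s\n' "$3" > "$1/$2.ext"
    openssl req -new -config "$1/ca.cnf" -subj "/CN=$2.example.test" \
        -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# purpose_ok <dir> <name> <sslclient|sslserver>: succeeds only if the chain
# verifies for that purpose, which is the check a TLS peer applies.
purpose_ok() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d"
    issue_cert "$d" server-only serverAuth
    issue_cert "$d" both "serverAuth, clientAuth"
    for c in server-only both; do
        for p in sslserver sslclient; do
            if purpose_ok "$d" "$c" "$p"; then r=ok; else r=REJECTED; fi
            printf '%-12s %-10s %s\n' "$c" "$p" "$r"
        done
    done
    rm -rf "$d"
}
demo
```

For an existing certificate, `openssl x509 -in cert.pem -noout -purpose` lists the same purposes without needing the CA file.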