On Mon, Jan 21, 2008 at 06:12:33AM +0100, Emmanuel Dreyfus wrote:
> Howard Chu <hyc@symas.com> wrote:
>
> > > a) a way to specify another certificate to use in the syncrepl config
> > In OpenLDAP 2.4, yes. Read the manpage.
>
> With 2.3, if a different cn is needed for the ldaps server and the
> syncrepl client, a certificate with subjectAltName may help.

It's not the name. There seem to be 2 scenarios in which a cert is used:

1) as a server, to verify that you have connected to the right machine and to ensure your packets are encrypted. This requires a certificate with purpose SSL Server.
2) as a client, when an ldap server in a syncrepl setup is talking to the master server. This requires a certificate with purpose SSL Client.

I am trying to find out if it is possible to use a different certificate for the syncrepl process, but I can't find it. Maybe it's in the saslmech option.

Alex

> --
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@netbsd.org

--
"The singers all loathe the sight of one another, the chorus despises the singers, they both hate the orchestra, and everyone fears the conductor; the staff on one prompt side won't talk to the staff on the opposite prompt side, the dancers are all crazed from hunger in any case..." (Maskerade)