[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS=yes (ITS#1739)

Full_Name: Martin Cantwell
Version: openldap-2.0.23
OS: Linux Turbo
Submission from: (NULL) (

I have a master LDAP server a number of slaves, and replication using slurpd
over TLS. - It all works OK.
My understanding is that LDAP clients can establish connection via SSL on port
636, or use startTLS on port 389. - Fine.
>From slurpd replication you specify TLS=yes, and as long as the server
certificate CN matches, then it will startTLS on port 389 and work correctly,
otherwise it drops down to just LDAP v3 communication, i.e. not secure. I have
checked this using -d-1 on the slurpd process, i.e. fact not heresay.
However I would like to INSIST that replication uses TLS, and if the slave
cannot perform TLS then it fails, a sort of tls=insist option.