
TLS=yes (ITS#1739)



Full_Name: Martin Cantwell
Version: openldap-2.0.23
OS: Linux Turbo
URL: 
Submission from: (NULL) (203.53.176.140)


I have a master LDAP server, a number of slaves, and replication using slurpd
over TLS. - It all works OK.
 
My understanding is that LDAP clients can establish connection via SSL on port
636, or use startTLS on port 389. - Fine.
 
From slurpd replication you specify TLS=yes, and as long as the server
certificate CN matches, then it will startTLS on port 389 and work correctly;
otherwise it drops down to just LDAP v3 communication, i.e. not secure. I have
checked this using -d -1 on the slurpd process, i.e. fact, not hearsay.
 
However I would like to INSIST that replication uses TLS, and if the slave
cannot perform TLS then it fails, a sort of tls=insist option.
 
Comments?
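As an added illustration, not part of the ITS submission above: the behaviour requested here (abort replication rather than fall back to cleartext when StartTLS fails) is what the `critical` argument of the replica directive's `starttls` parameter provides in slapd.conf(5) of later OpenLDAP releases, which is an assumption about versions newer than the 2.0.23 reported here; the host names and credentials below are placeholders.

```conf
# slapd.conf on the master: one replica entry per slave (assumed placeholder hosts)

# Weak: StartTLS is attempted, but if the slave cannot negotiate TLS
# slurpd silently continues and pushes changes over cleartext LDAP.
replica host=slave1.example.com:389
        starttls=yes
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=PLACEHOLDER_SECRET

# Hardened: with starttls=critical the session is aborted when the
# StartTLS request fails, so replication never degrades to cleartext.
replica host=slave2.example.com:389
        starttls=critical
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=PLACEHOLDER_SECRET

# A failed StartTLS on the critical replica shows up as a rejected
# replication entry in the slurpd reject log rather than as a
# cleartext session, which is the observable check for the "insist" case.
```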