Re: Method for specifying SyncRepl use of TLS (ITS#3293)
Default is not to use starttls.
Starttls will not be used unless it is specified in the syncrepl definition.
>Can starttls be set to 'no' for scenarios where I want to force
>plain-text? What is the default if not specified? Please note, I just
>opened ITS #3293 requesting such a parameter.
>Thanks for the info,
----- Original Message -----
Sent: Friday, August 20, 2004 11:59 AM
Subject: Method for specifying SyncRepl use of TLS (ITS#3293)
> Full_Name: Matthew J. Smith
> Version: 2.2.15
> OS: SuSE Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (220.127.116.11)
> In the SyncRepl configuration section of slapd.conf, there is no way to
> specify whether SyncRepl uses TLS or not. It seems to use it
> it is available. A flag specifying would be very useful, allowing one to
> a plain-text replication (over a secured network, say) from a master that
> normally provides TLS.
> My current issue is trying to build a new master that will be swapped in
> of the current master. The new master has an SSL certificate using the
> master's CN (ldap.uconn.edu), so that the swap will be seamless. However,
> need to establish SyncRepl replication to a new replica. The new replica
> correctly use TLS to the master, because the cert CN does not match the
> DNS-resolved FQDN.
> Currently, this will be overcome with /etc/hosts trickery, but a TLS
> would be simpler (for me).
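
Because StartTLS is off unless the syncrepl definition asks for it, a replica's transport can be read straight from its configuration. The following is an added example, not part of the original thread or of OpenLDAP: a small audit that classifies each syncrepl stanza. The sample configuration is constructed, and the `starttls=yes|critical` values and their meaning are taken from slapd.conf(5) rather than from this thread.

```python
import shlex

# Constructed sample slapd.conf fragment (hostnames and DNs are made up).
SAMPLE_CONF = """\
suffix "dc=example,dc=com"
syncrepl rid=001
    provider=ldap://master.example.com
    searchbase="dc=example,dc=com"
syncrepl rid=002
    provider=ldap://master.example.com
    starttls=yes
syncrepl rid=003
    provider=ldap://master.example.com
    starttls=critical
syncrepl rid=004 provider=ldaps://master.example.com
"""

# Per slapd.conf(5): "critical" aborts the session if StartTLS fails,
# "yes" continues without TLS if it fails. Anything else means no StartTLS.
STARTTLS_MODES = {"critical": "starttls-required",
                  "yes": "starttls-opportunistic"}

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments and blanks."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return [line for line in joined if line and not line.startswith("#")]

def audit_syncrepl(text):
    """Return {rid: transport} for every syncrepl directive in text."""
    report = {}
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() != "syncrepl":
            continue
        kv = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if kv.get("provider", "").lower().startswith("ldaps://"):
            transport = "ldaps"
        else:
            transport = STARTTLS_MODES.get(kv.get("starttls", "").lower(), "plaintext")
        report[kv.get("rid", "?")] = transport
    return report

if __name__ == "__main__":
    for rid, transport in audit_syncrepl(SAMPLE_CONF).items():
        print(rid, transport)
```

Stanzas reported as `plaintext` or `starttls-opportunistic` can send bind credentials and replicated data in the clear, so they are the ones to review.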