[Date Prev][Date Next]
Re: Method for specifying SyncRepl use of TLS (ITS#3293)
Given that an undocumented method does exist, we should
regard this ITS as a request to document that method.
At 05:59 PM 8/20/2004, email@example.com wrote:
>Full_Name: Matthew J. Smith
>OS: SuSE Linux
>Submission from: (NULL) (18.104.22.168)
> In the SyncRepl configuration section of slapd.conf, there is no way to
>specify whether SyncRepl uses TLS or not. It seems to use it automatically if
>it is available. A flag specifying would be very useful, allowing one to specify
>a plain-text replication (over a secured network, say) from a master that
>normally provides TLS.
> My current issue is trying to build a new master that will be swapped in place
>of the current master. The new master has an SSL certificate using the current
>master's CN (ldap.uconn.edu), so that the swap will be seamless. However, I
>need to establish SyncRepl replication to a new replica. The new replica cannot
>correctly use TLS to the master, because the cert CN does not match the
> Currently, this will be overcome with /etc/hosts trickery, but a TLS flag
>would be simpler (for me).