Re: Example for replication over SSL
As I have the same problem (and it's not working yet...) I'll sum up how I
think it should look, and I put my questions in, too.
The scenario you describe is not too different from having two LDAP
servers where at least the slave allows for TLS connections. The master
should have a replica entry in the slapd.conf like
replica host=ldapslave.my.org tls=yes bindmethod=simple
binddn="cn=manager, dc=my, dc=org" credentials=secret
See manpage slapd.conf(5). Unfortunately, the manpage refers to the
Administrators Guide for further information. In fact, the manpage (at
least on my install of 2.0.11) is more complete than the Administrators
Guide. So I don't know currently what the option tls=yes versus tls=critical
means. If it is the same as the parameter -Z versus -ZZ for the clients,
then of course you'd like to set tls=critical in order to force the
slurpd to connect via TLS. If anybody can give valid information on
this, please jump in!
The rest depends on TLS configuration on the slave LDAP server.
Leo Cyr wrote:
I've read the "openldap 2.0 administrator's guide" and it makes reference
to secure replication; it even goes so far as to say it should be done no
other way unless the network is secure. However, it does not provide an
example slapd.conf file that will work with a slapd master, a slurpd, and
a slapd slave. Would someone provide a simple, working example?
BTW, I'm very familiar with replication in general, I currently use 1.2.11
binding and replicating over ssh -- I want to get rid of my ssh tunnels.
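As an added worked example for the setup the reply sketches and the original post asks for (it is not from either author), a master/slave slapd.conf pair in which slurpd connects to the slave over StartTLS; hostnames, file paths, the replicator DN and the ldap.conf client settings are assumptions. tls=critical is used instead of tls=yes so that a failed StartTLS aborts the slurpd connection rather than letting it continue in cleartext, which is the -ZZ versus -Z distinction the reply asks about.

```conf
# --- master: slapd.conf (read by both slapd and slurpd) ---
include         /etc/openldap/schema/core.schema
database        ldbm
suffix          "dc=my,dc=org"
rootdn          "cn=manager,dc=my,dc=org"
# assumption: a plaintext rootpw is shown for brevity; use a hashed ({SSHA}) value
rootpw          secret
directory       /var/lib/ldap
# slurpd replays the changes slapd records in this log
replogfile      /var/lib/ldap/slapd.replog
# tls=critical: StartTLS must succeed before slurpd binds; with tls=yes a
# failed StartTLS falls back to a cleartext bind and cleartext replication.
# A dedicated replicator DN (assumed) keeps the master's rootdn off the wire.
replica host=ldapslave.my.org:389 tls=critical bindmethod=simple
        binddn="cn=replicator,dc=my,dc=org" credentials=secret

# --- master: ldap.conf (assumption: slurpd is an LDAP client and takes its
#     CA trust settings from here so it can verify the slave's certificate) ---
TLS_CACERT      /etc/openldap/cacert.pem
TLS_REQCERT     demand

# --- slave: slapd.conf ---
include         /etc/openldap/schema/core.schema
# server certificate the slave presents when slurpd issues StartTLS
TLSCertificateFile      /etc/openldap/ldapslave-cert.pem
TLSCertificateKeyFile   /etc/openldap/ldapslave-key.pem
TLSCACertificateFile    /etc/openldap/cacert.pem
database        ldbm
suffix          "dc=my,dc=org"
rootdn          "cn=manager,dc=my,dc=org"
rootpw          secret
directory       /var/lib/ldap
# only the replicator DN may write here; other writers get a referral
updatedn        "cn=replicator,dc=my,dc=org"
updateref       ldap://ldapmaster.my.org
access to *
        by dn="cn=replicator,dc=my,dc=org" write
        by * read
```

Lines beginning with whitespace are continuations in slapd.conf, which is why the replica directive can be split across two lines.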