[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: secure replication (slurpd, TLS)

To: Serguei Alifanov <alifanov@financial.com>, openldap-software@OpenLDAP.org
Subject: Re: secure replication (slurpd, TLS)
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Fri, 16 Nov 2001 17:42:13 +0100
Content-disposition: inline
In-reply-to: <007901c16e84$42b59760$c801a8c0@hi70xw3261>
References: <007901c16e84$42b59760$c801a8c0@hi70xw3261>

--On Freitag, 16. November 2001 10:51 +0100 Serguei Alifanov <alifanov@financial.com> wrote:

If I delete port number 636 from config file - everething is OK!
Replication works over the non encrypted connection (port 389).

If you specify port 636 (ldaps), the server expects an SSL handshake first. With TLS however, an LDAPv3 connection is established first and then encryption is switched on with the StartTLS exteneded operation. So you should use the default ldap port with TLS. The check that the communication is actually encrypted use a tool such as ethereal.

--
Norbert Klasen
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

References:
- secure replication (slurpd, TLS)
  - From: "Serguei Alifanov" <alifanov@financial.com>

Prev by Date: Re: indexing createTimestamp
Next by Date: Re: Encrypted Passwords
Index(es):
- Chronological
- Thread