[Date Prev][Date Next] [Chronological] [Thread] [Top]

slurpd and tls replication

Thanks for your assist - the problem *was* StartTLS vs SSL. I have now got replication working with StartTLS with the slave listening on 389, and confirmed that it does negotiate an encrypted connection.

Here's the replica stanza from slapd.conf on the master:

# For secure replication to work must have slave listening on standard
# LDAP port (389) and compiled with --with-tls
replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
        bindmethod=simple credentials=changed_to_protect_the_guilty

I also put in the slave slapd.conf the directive:
    TLSCipherSuite HIGH:MEDIUM:+TLSv1

This means our replication traffic is now not going over in the clear.

Is it not possible to implement secure replication over normal SSL on port 636? Now I have TLS working, I don't need it, but was a bit of a red-herring in the hunt for a solution.

Thanks again.