[Date Prev][Date Next]
slurpd and tls replication
Thanks for your assist - the problem *was* StartTLS vs SSL. I have now
got replication working with StartTLS with the slave listening on 389,
and confirmed that it does negotiate an encrypted connection.
Here's the replica stanza from slapd.conf on the master:
# For secure replication to work must have slave listening on standard
# LDAP port (389) and compiled with --with-tls
replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
I also put in the slave slapd.conf the directive:
This means our replication traffic is now not going over in the clear.
Is it not possible to implement secure replication over normal SSL on
port 636? Now I have TLS working, I don't need it, but was a bit of a
red-herring in the hunt for a solution.