Re: slurpd and tls replication
Do you have a proper certificate or a self signed one?
We use a self-signed one, and slurpd shows an error
with tls=critical, but works OK with tls=yes; however, it
doesn't encrypt the traffic.
----- Original Message -----
From: "Sarah Hollings" <firstname.lastname@example.org>
Sent: Saturday, March 22, 2003 5:19 PM
Subject: slurpd and tls replication
> Thanks for your assist - the problem *was* StartTLS vs SSL. I have now
> got replication working with StartTLS with the slave listening on 389,
> and confirmed that it does negotiate an encrypted connection.
>
> Here's the replica stanza from slapd.conf on the master:
>
> # For secure replication to work must have slave listening on standard
> # LDAP port (389) and compiled with --with-tls
> replica host=metacortex.humanfactors.uq.edu.au:389 tls=yes
>         bindmethod=simple credentials=changed_to_protect_the_guilty
>
> I also put in the slave slapd.conf the directive:
>
> TLSCipherSuite HIGH:MEDIUM:+TLSv1
>
> This means our replication traffic is now not going over in the clear.
>
> Is it not possible to implement secure replication over normal SSL on
> port 636? Now I have TLS working, I don't need it, but was a bit of a
> red-herring in the hunt for a solution.
>
> Thanks again.
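
Added example, not part of the original thread and not OpenLDAP code: a small Python audit of slapd.conf replica stanzas that reports any replica not set to tls=critical, since the reply above reports that tls=yes kept replicating without encrypting the traffic. The function names, finding labels and sample hostnames are assumptions made for illustration.

```python
import shlex

# Constructed sample; hostnames and credentials are placeholders.
SAMPLE_CONF = """\
replica host=replica1.example.org:389 tls=yes
  bindmethod=simple credentials=placeholder
# hardened form: abort instead of continuing in the clear
replica host=replica2.example.org:389 tls=critical
  bindmethod=simple credentials=placeholder
replica host=replica3.example.org:389
  bindmethod=simple credentials=placeholder
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (lines starting with whitespace)."""
    joined = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return joined

def audit_replicas(text):
    """Return (host, finding) for replicas whose bind may cross the wire unencrypted."""
    findings = []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() != "replica":
            continue
        opts = {k.lower(): v for k, v in
                (t.split("=", 1) for t in tokens[1:] if "=" in t)}
        tls = opts.get("tls", "").lower()
        if tls == "critical":
            continue  # replication stops if StartTLS fails
        kind = "opportunistic-tls" if tls == "yes" else "no-tls"
        if opts.get("bindmethod", "").lower() == "simple":
            kind += "+simple-bind"  # password sent as-is if the session is clear
        findings.append((opts.get("host", "?"), kind))
    return findings

if __name__ == "__main__":
    for host, finding in audit_replicas(SAMPLE_CONF):
        print(f"{host}: {finding}")
```

A replica flagged here is worth confirming on the wire, as the original poster did, before relying on it to protect the bind credentials.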