RE: Replication with slurpd - problems using TLS
--On Thursday, June 19, 2003 4:06 PM -0400 "Lawrence, Mike (White Plains)"
<Mike.Lawrence@starwoodhotels.com> wrote:
> Hi Quanah - I will give it a shot, but I think I am very confused as to
> what is going on with openldap/SSL/TLS in general. I don't have ldaps
> turned on at all and TLS works fine over port 389 for ssh user
> authentication when the user is in ldap. And actually, that was the only
> way I was ever able to get TLS working, was to basically abandon ldaps
> and port 636 and just run ldap on 389 with start_tls in the
> /etc/ldap.conf file. So I am very perplexed when you tell me that slurpd
> needs to do TLS over port 636 (and this also seems to run contrary to the
> way it is done in the O'Reilly LDAP book). So I will try it but I am very
> confused as to why :)
>
> If anyone else has any insight into getting TLS turned on with slurpd I
> would really appreciate it, I have been away from my LDAP project for a
> few weeks and am back at this brick wall now trying to scale over it.
>
> Thanks!
ldaps:// does tls over 389. Also, do you specify TLSCACertificateFile in
your slurpd.conf?
From our conf files:
master:
----------
replica host=ldap9.stanford.edu:389
        tls=yes bindmethod=sasl
        binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
        saslmech=gssapi
slave:
--------
# Replica Directives
updatedn cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref ldaps://ldap-master.stanford.edu
I.e.,
master:
-------
replogfile /opt/csw/var/openldap-slurp/replica/slapd.replog
replica host=10.14.12.33:389
        suffix="dc=webtech,dc=com"
        binddn="cn=replica,dc=webtech,dc=com"
        credentials=secret
        bindmethod=simple
        tls=yes
slave:
-------
rootdn "cn=replica,dc=webtech,dc=com"
rootpw {crypt}JOEAfuddHpilE
updatedn "cn=replica,dc=webtech,dc=com"
updateref ldaps://10.14.12.32
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
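As an added illustration (not part of the thread, and not Stanford's or Mike's configuration), here is a complete master/slave slapd.conf pairing in the same layout as the snippets above, extended with the TLS server directives the slave needs for slurpd's StartTLS to succeed and with the CA trust Quanah asks about. Host names, file paths, the dc=example,dc=com tree and the placeholder password are assumptions; the `replica`, `replogfile`, `updatedn`, `updateref` and `TLS*` directives are standard slapd.conf keywords of that era.

```conf
# Added example, not from the thread: slurpd replication over TLS.
# Host names, paths and DNs under dc=example,dc=com are assumed.

### master: slapd.conf (slurpd reads replogfile/replica from here)
replogfile      /var/lib/ldap/replica/slapd.replog

# Continuation lines of a replica directive must start with whitespace.
# tls=yes makes slurpd issue StartTLS on the plain port before binding,
# so the simple-bind password below does not cross the wire in clear.
replica         host=ldap-slave.example.com:389
                suffix="dc=example,dc=com"
                binddn="cn=replica,dc=example,dc=com"
                credentials=REPLACE-WITH-REPLICA-PASSWORD
                bindmethod=simple
                tls=yes

### master host: /etc/openldap/ldap.conf (client-side trust for libldap,
### which slurpd uses; without it the slave's certificate cannot be verified)
TLS_CACERT      /etc/openldap/cacert.pem

### slave: slapd.conf (the TLS server side of slurpd's StartTLS)
TLSCACertificateFile   /etc/openldap/cacert.pem
TLSCertificateFile     /etc/openldap/ldap-slave.crt
TLSCertificateKeyFile  /etc/openldap/ldap-slave.key

# Only the replication identity may write; other clients are referred to
# the master. Assumes the master was started with ldaps:/// as well as
# ldap:/// so the referral URL is reachable.
updatedn        "cn=replica,dc=example,dc=com"
updateref       ldaps://ldap-master.example.com
```

To check the slave side independently of slurpd, run `ldapsearch -x -ZZ -H ldap://ldap-slave.example.com:389 -b "" -s base` from the master host: `-ZZ` makes the client fail hard unless StartTLS is negotiated and the certificate verifies, which separates a TLS trust problem from a replication bind problem. Note that `credentials=` on the master and `rootpw` on the slave live in slapd.conf in clear or crypt form, so both files should be readable only by the account slapd and slurpd run as.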