RE: Replication with slurpd - problems using TLS

--On Thursday, June 19, 2003 4:06 PM -0400 "Lawrence, Mike (White Plains)" <Mike.Lawrence@starwoodhotels.com> wrote:

Hi Quanah - I will give it a shot, but I think I am very confused as to what is going on with openldap/SSL/TLS in general. I don't have ldaps turned on at all and TLS works fine over port 389 for ssh user authentication when the user is in ldap. And actually, that was the only way I was ever able to get TLS working, was to basically abandon ldaps and port 636 and just run ldap on 389 with start_tls in the /etc/ldap.conf file. So I am very perplexed when you tell me that slurpd needs to do TLS over port 636 (and this also seems to run contrary to the way it is done in the O'Reilly LDAP book). So I will try it but I am very confused as to why :)

If anyone else has any insight into getting TLS turned on with slurpd I
would really appreciate it, I have been away from my LDAP project for a
few weeks and am back at this brick wall now trying to scale over it.

ldaps:// does tls over 389. Also, do you specify TLSCACertificateFile in your slurpd.conf?

From our conf files:

master:
----------
replica         host=ldap9.stanford.edu:389
                tls=yes
                bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
                saslmech=gssapi

slave:
--------
# Replica Directives
updatedn        cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref       ldaps://ldap-master.stanford.edu

replogfile      /opt/csw/var/openldap-slurp/replica/slapd.replog

replica         host=

slave:
-------
rootdn          "cn=replica,dc=webtech,dc=com"
rootpw          {crypt}JOEAfuddHpilE
updatedn        "cn=replica,dc=webtech,dc=com"
updateref       ldaps://
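The two settings the reply asks about, tls=yes on each replica directive and a TLSCACertificateFile so the master can verify the replica's certificate, are easy to miss in a hand-edited slurpd.conf. The following is an added example, not code from the thread or from the OpenLDAP project: a small checker that parses a slapd.conf-style file (continuation lines start with whitespace, as in the configs quoted above) and reports replicas whose updates, or whose simple-bind password, would travel without TLS. The sample config inside it is constructed for the example; the host names and credentials are placeholders, not anyone's real servers.

```python
import shlex

# Constructed sample slurpd.conf in the style of the configs quoted in the thread.
# ldap9/ldap10.example.com and the binddn/credentials values are placeholders.
SAMPLE_SLURPD_CONF = """\
# global section
TLSCACertificateFile /etc/openldap/cacert.pem
replica         host=ldap9.example.com:389
                tls=yes
                bindmethod=sasl
                binddn="cn=replicator,cn=service,dc=example,dc=com"
                saslmech=gssapi
replica         host=ldap10.example.com:389
                bindmethod=simple
                binddn="cn=replica,dc=example,dc=com"
                credentials=placeholder-password
"""


def parse_slurpd_conf(text):
    """Return (global_directives, replicas).

    global_directives maps directive name -> value for non-replica lines;
    replicas is a list of dicts of the key=value options of each replica
    directive. Lines beginning with whitespace continue the previous
    directive, which is how slapd.conf(5) splits long replica blocks.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())

    global_directives = {}
    replicas = []
    for line in logical:
        parts = line.split(None, 1)
        directive = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        if directive.lower() == "replica":
            opts = {}
            # shlex honours the quotes around binddn="cn=...,dc=..." values
            for token in shlex.split(rest):
                key, sep, value = token.partition("=")
                if sep:
                    opts[key.lower()] = value
            replicas.append(opts)
        else:
            global_directives[directive] = rest
    return global_directives, replicas


def check_replica_tls(text):
    """Return a list of human-readable findings; an empty list means every
    replica is pushed over TLS and the CA file needed to verify peers is set."""
    global_directives, replicas = parse_slurpd_conf(text)
    findings = []
    if "TLSCACertificateFile" not in global_directives:
        findings.append("global: TLSCACertificateFile not set; replica certificates cannot be verified")
    for opts in replicas:
        host = opts.get("host", "<no host>")
        # slapd.conf(5) accepts tls=yes or tls=critical on a replica directive
        tls = opts.get("tls", "no").lower()
        encrypted = tls in ("yes", "critical")
        if not encrypted:
            findings.append(f"{host}: tls={tls}; replication updates would be sent in the clear")
        if opts.get("bindmethod", "simple").lower() == "simple" and "credentials" in opts and not encrypted:
            findings.append(f"{host}: simple-bind credentials would be sent without TLS")
    return findings


if __name__ == "__main__":
    for finding in check_replica_tls(SAMPLE_SLURPD_CONF):
        print(finding)
```

Run against a real slurpd.conf by reading the file into `check_replica_tls`; the checker only flags the absence of the two directives and does not verify that the CA file actually signs the replica's certificate, which `ldapsearch -ZZ -H ldap://replica:389` (or `-H ldaps://replica:636`) from the master host still has to confirm.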

