
Re: Slurpd over SSL



Quanah Gibson-Mount wrote:



--On Thursday, November 20, 2003 12:23 AM -0300 Estevam Viragh <estevamviragh@yahoo.com.br> wrote:

TLS works for us.  Here is our MASTER's slapd.conf replica related def's:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

Do HOSTNAME.cert, HOSTNAME.key and comodo-full.pem in the MASTER's slapd.conf differ from the same files in the
REPLICA's slapd.conf file?


replica         host=ldap9.stanford.edu:389
                tls=yes bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu saslmech=gssapi


Our ldap.conf (on both master and replicas) looks like:

BASE    dc=stanford, dc=edu

TLS_CACERT /etc/ldap/comodo-full.pem
TLS_CERT /etc/ldap/HOSTNAME.cert
TLS_KEY /etc/ldap/HOSTNAME.key
TLS_REQCERT try


Our REPLICA slapd.conf looks like:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

# Replica Directives

updatedn cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref ldaps://ldap-master.stanford.edu
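
An added example, not part of the original messages or of OpenLDAP itself: a small Python audit of the two TLS settings quoted in this thread. It relies on the documented behaviour that a slurpd `replica` with `tls=yes` carries on without TLS if StartTLS fails while `tls=critical` aborts, and that `TLS_REQCERT try` lets a session proceed when the server presents no certificate. The function names and sample strings are constructed for illustration.

```python
import shlex

# Constructed sample input mirroring the settings quoted in this thread.
SLAPD_CONF = """\
replica         host=ldap9.stanford.edu:389
                tls=yes bindmethod=sasl
                binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu saslmech=gssapi
"""
LDAP_CONF = "TLS_CACERT /etc/ldap/comodo-full.pem\nTLS_REQCERT try\n"

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(slapd_conf):
    """Return (target, reason) for each replica where StartTLS is not mandatory."""
    findings = []
    for line in logical_lines(slapd_conf):
        toks = shlex.split(line)
        if toks[0].lower() != "replica":
            continue
        opts = {k.lower(): v for k, v in (t.split("=", 1) for t in toks[1:] if "=" in t)}
        target = opts.get("uri") or opts.get("host", "?")
        if target.lower().startswith("ldaps://"):
            continue  # TLS is established before any LDAP traffic
        tls = opts.get("tls", "unset").lower()
        if tls != "critical":
            findings.append((target, f"StartTLS not mandatory (tls={tls})"))
    return findings

def audit_reqcert(ldap_conf):
    """Return (level, weaker_than_demand) for the effective TLS_REQCERT."""
    level = "demand"  # ldap.conf(5) default when the option is absent
    for line in logical_lines(ldap_conf):
        parts = line.split()
        if len(parts) == 2 and parts[0].upper() == "TLS_REQCERT":
            level = parts[1].lower()
    return level, level not in ("demand", "hard")

if __name__ == "__main__":
    print(audit_replicas(SLAPD_CONF))
    print(audit_reqcert(LDAP_CONF))
```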