
Re: Slurp SSL replication

Pierangelo Masarati wrote:

Mike Nuss wrote:


I'm trying to set up slurp replication, which is something I haven't done before. I have it working fine over port 389 with plaintext, but for obvious security reasons I would like to have that traffic encrypted. I'm using openldap 2.0.27, which I'm told doesn't support the replica uri=ldaps://host.domain.tld/ syntax, so my master slapd.conf looks like this:

replica host=x.ammasso.com:636 tls=yes
bindmethod=simple credentials=secret

This topic has been discussed hundreds of times; please check in the archives. I don't know if it works with 2.0, though, but TLS is performed on port 389 (or at least on a port that listens for plain ldap, not ldaps). So don't use ":636", leave it at ":389", and use tls=critical; otherwise, your connection will go unencrypted with little warning if TLS fails.

Wow. That was easy! :-)

Mike Nuss
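
An added example, not part of the original thread: a small Python check that reads `replica` directives and flags the settings discussed above (StartTLS pointed at port 636, a missing `tls=` option, or `tls=` set to anything other than `critical`). It assumes the `replica host=... tls=...` syntax shown in the thread; the function names and the sample text are constructed for illustration.

```python
import shlex

# Constructed sample: the master's replica stanza as posted in the thread.
SAMPLE = """\
replica host=x.ammasso.com:636 tls=yes
        bindmethod=simple credentials=secret
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and # comments.
    Simplified reading of slapd.conf line handling, assumed for this example."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(text):
    """Return (host, finding) pairs for every replica directive in text."""
    findings = []
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() != "replica":
            continue
        opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        host = opts.get("host", "?")
        port = host.rpartition(":")[2] if ":" in host else "389"
        tls = opts.get("tls", "").lower()
        if tls and port == "636":
            findings.append((host, "tls= requests StartTLS, which belongs on the plain LDAP port, not 636"))
        if not tls:
            findings.append((host, "no tls= option: replication traffic is plaintext"))
        elif tls != "critical":
            findings.append((host, "tls=%s continues unencrypted if StartTLS fails; use tls=critical" % tls))
        if opts.get("bindmethod") == "simple" and tls != "critical":
            findings.append((host, "simple-bind credentials can be sent in the clear"))
    return findings

if __name__ == "__main__":
    for host, finding in audit_replicas(SAMPLE):
        print(host, "->", finding)
```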