[Date Prev][Date Next]
Re: Slurpd and TLS/SSL
Howard Chu <email@example.com> wrote:
> All that matters is that both servers are properly configured to
> recognize/accept each other's certs. However, it's usually a bad idea to
> use self-signed certs for servers. Any time you need to use more than
> one cert you should create an actual CA cert and use it to sign all the
> others that you'll use.
All in good time. But thanks for the suggestion.
> Remember that slurpd is an LDAP client, not an LDAP server. It only
> extracts a few bits of info out of slapd.conf, the rest of its
> configuration (including TLS parameters) must be set via ldap.conf.
Got here O'Reilly's "LDAP System Administration" (now rather
out-of-date, but still useful) and the OpenLDAP.org admin guide.
Neither mentions anything about ldap.conf in relation of replication.
Is now the point at which I mention I'm more confused than ever?