[Date Prev][Date Next] [Chronological] [Thread] [Top]

replication and tls

Hello list,

Using version 2.2.23 (Debian Sarge) with slurpd-replication, I see that
the certificates are exchanged and replication works, but the
replicator's username/pass is passing cleartext over the line.

-- master slapd.conf:
replica uri=ldap://ldapslave.example.com starttls=yes
        bindmethod=simple credentials=secret

-- master ldap.conf:
TLS_CACERT /etc/ldap/cacert.crt

-- slave slapd.conf
TLSCACertificateFile /etc/ldap/cacert.crt
TLSCertificateFile /etc/ldap/ldapslave.example.com-cert.pem
TLSCertificateKeyFile /etc/ldap/ldapslave.example.com-key.pem

When connecting to the servers (master and slave) with gq, tls is
working. Anyone a hint?


It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |