
Re: replication and tls



Hello,

Add a clause:
tls=critical  after bindmethod=simple credentials=secret

Saito

On 5/13/06, richard lucassen <mailinglists@lucassen.org> wrote:

Hello list,

Using version 2.2.23 (Debian Sarge) with slurpd-replication, I see that
the certificates are exchanged and replication works, but the
replicator's username/pass is passing cleartext over the line.

-- master slapd.conf:
replica uri=ldap://ldapslave.example.com starttls=yes
        binddn=cn=replicator,dc=example,dc=com
        bindmethod=simple credentials=secret

-- master ldap.conf:
TLS_CACERT /etc/ldap/cacert.crt


-- slave slapd.conf:
TLSCACertificateFile /etc/ldap/cacert.crt
TLSCertificateFile /etc/ldap/ldapslave.example.com-cert.pem
TLSCertificateKeyFile /etc/ldap/ldapslave.example.com-key.pem

When connecting to the servers (master and slave) with gq, tls is
working. Anyone a hint?

Richard.

--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+