[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Sync Replication via TLS/SSL - get bind err

No - I didn't understand you correctly.  I switched back to ldap://:389 and sniffed and it was all there in the clear.

I need to encrypt the communication (and binding) of the replication from the Master to the Slave.  I can not seem to get it to work and I can't find the documentation where it shows how to set the replication for the syncrepl to be SSL or TLS.


On Dec 20, 2007, at 1:22 PM, Chris G. Sellers wrote:

I think I see what you are saying.   The ldaps:  is forcing the implied SSL not startTLS.   Thanks for making me think different.   

so now I just need to switch back to ldap:// and make sure TLS is setup and sniff to make sure the traffic is encrypted.



On Dec 20, 2007, at 11:54 AM, Quanah Gibson-Mount wrote:

--On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers"
<chris.sellers@nitle.org> wrote:
> which suggests that the connection could not be made on port 389 via TLS.
> I can't figure out how to tell the repl connection to send a certificate.
> Do I have to setup a user in LDAP with a cert?  Do I put a client cert
> into the syncrepl section of the slapd.conf file on the slave?   Please
> advise.

You are confused. LDAPv3 startTLS is used to encrypt connections over port
389 (or other ports).  The Ldapv2 HACK to do TLS over port 636 (ldaps://)
is the other way of doing SSL encryption.   You are mixing these two very
different mechanisms.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration

Chris G. Sellers | NITLE Technology
AIM: imthewherd | GTalk: cgseller@gmail.com

Chris G. Sellers | NITLE Technology
AIM: imthewherd | GTalk: cgseller@gmail.com