[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl with x509 certificates

On Mon, Jan 21, 2008 at 06:12:33AM +0100, Emmanuel Dreyfus wrote:
> Howard Chu <hyc@symas.com> wrote:
> > > a) a way to specify another certificate to use in the syncrepl config
> > In OpenLDAP 2.4, yes. Read the manpage.
> With 2.3, if a different cn is needed for the ldaps server and the
> syncrepl client, a certificate with subjectAltName may help.
its not the name.

There seems to be 2 scenario's that a cert is used, 

1) as a server to verify that you have connected to the right machine and to 
ensure you packets are encrypted.  This requires a certificate with purpose SSL 
2) as a client when a ldap server in a syncrepl setup is talking to the master 
server. This requires a certificate with purpose SSL Client.

I am trying to find out if it is possible to use a different certificate for 
the syncrepl process, but I can't find it. Maybe its in saslmech option.


> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@netbsd.org

"The singers all loathe the sight of one another, the chorus despises the
singers, they both hate the orchestra, and everyone fears the conductor;
the staff on one prompt side won't talk to the staff on the opposite prompt
side, the dancers are all crazed from hunger in any case..."

Attachment: signature.asc
Description: Digital signature