[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl with x509 certificates

On Mon, Jan 21, 2008 at 08:20:49PM +0100, Dieter Kluenter wrote:
> Hi,
> Alex Samad <alex@samad.com.au> writes:
> > On Mon, Jan 21, 2008 at 06:12:33AM +0100, Emmanuel Dreyfus wrote:
> >> Howard Chu <hyc@symas.com> wrote:
> >> 
> > I am trying to find out if it is possible to use a different 
> > for the syncrepl process, but I can't find it. Maybe its in saslmech 
> > option.
> You may use the sasl external mechanism and create a certificate with
> a DN matching the bindDN (although you don't have to define a binddn).
Yep I have this setup. Seems like there is a bit of difference between 2.3 and 
2.4. I am on Debian etch, which is currently on 2.3.  In 2.4 there are 
provisions to specify the cert actually used for the syncrepl connection!
This doesn't seem to be possible in 2.3
> -Dieter
> -- 
> Dieter Klünter | Systemberatung
> http://www.dkluenter.de
> GPG Key ID:8EF7B6C6

"There's not going to be enough people in the system to take advantage of people like me."

	- George W. Bush
Wilton, CN
on the coming Social Security crisis

Attachment: signature.asc
Description: Digital signature