[Date Prev][Date Next]
LDAP Replication +TLS +Self-signed certificate.
I have LDAP replication setup (slurpd), works fine. Until a while ago I had a CA certificate, and with that one I signed other two certificates, for two different hosts. So I had 3 "hosts", one is the CA, another one is LDAP Master and the last the ldap slave. Configuration on both master and slave slapd.conf had:
Now I changed the certificates, both the Master and Slave machines use self signed certificates, I changed the certificates/tls config on several services that used it, they work fine, but LDAP replication stopped working.
1) To be clear (in order to have LDAP replication working with self signed certs + TLS on):
Master machine slapd.conf:
Master machine ldap.conf:
TLS_CACERT /etc/openldap/master-machine-certificate.crt (DOES IT MATTER IF THIS MACHINE ONLY ACTS AS SERVER?)
Slave machine slapd.conf:
TLSCACertificateFile /etc/openldap/slave-machine-certificate.crt (as this option on slapd.conf is for the -server- part of the slave, right?)
Slave machine ldap.conf:
2) Second question, on other machines that run LDAP clients, I should put what in ldap.conf (/etc/openldap/ldap.conf) for the TLS_CACERT option? Leave it blank, use the ldap master machine certificate or, if that machine queries the slave ldap machine, the slave ldap machine certificate for the ldap.conf TLS_CACERT option?
thanks a lot!
Search for products and services at:
Powered by Outblaze