
Re: mirror mode question



Hi,

http://pastebin.de/41448
-Dieter

On Wed, 5 Mar 2014 22:04:05 +0800,
"Eileen(=^Ï^=)" <123784635@qq.com> wrote:

> Hi Michael and Dieter,
> 
> 
>     Thanks for your kind replies.
>     In my case, I didn't use any SASL or TLS but the "simple" method with
> operation mode of user/password authenticated. However, I need the
> rootpw hashed (not cleartext) and the 2 servers (master & slave)
> synchronized. Could you please advise how I should modify the syncrepl
> part? Or could you please provide a sample of the slapd.conf file
> configuration?
> 
> 
> Best regards,
> 
> 
> Eileen
> 
> 
> ------------------ Original Message ------------------
> From: "Michael Ströder" <michael@stroeder.com>;
> Sent: Wednesday, 5 March 2014, 4:09 PM
> To: "Dieter Klünter" <dieter@dkluenter.de>;
> "openldap-technical" <openldap-technical@openldap.org>;
> 
> Subject: Re: mirror mode & sasl question
> 
> 
> 
> Dieter Klünter wrote:
> > On Wed, 5 Mar 2014 14:38:04 +0800,
> > "Eileen(=^Ï^=)" <123784635@qq.com> wrote:
> >> This is Eileen from China SINAP. I am a beginner with the openldap
> >> software. I encountered a problem in my study on two LDAP services
> >> replication. I have 2 LDAP services, one named LDAP1, the other is
> >> LDAP2. I want to make them synchronous in mirror mode. But when
> >> I set LDAP services rootpw both in hash, the 2 LDAP services can't
> >> be synchronous. My questions are:
> >> 1. If I set my rootpw in hash, must my bindmethod be SASL? If
> >> I must use the sasl method, can I put the sasl service in the same ldap
> >> service? If bindmethod=sasl then what should the saslmech be?
> >> 2. If I change to the sasl method, do I need to change my database
> >> record?
> > 
> > In order to use sasl, passwords must be cleartext and you should
> > configure an appropriate authz-regexp, see man slapd.conf(5)
> > You may use any sasl mechanism that your sasl framework provides.
> > [...]
> 
> To be more precise: In order to use password-based SASL mechs the
> passwords have to be stored in clear-text.
> 
> Well, if working with SASL and TLS (LDAPS, StartTLS) one should
> consider using client certs and SASL/EXTERNAL for replication.
> 
> Ciao, Michael.


-- 
Dieter Klünter | Systems consulting
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
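Michael's suggestion of client certificates plus SASL/EXTERNAL for the replication bind, worked out as a slapd.conf fragment for one of the two MirrorMode providers. This is an added illustration, not Dieter's pastebin and not anything shipped by the OpenLDAP project; every hostname, file path, DN and certificate subject in it is assumed, and the other provider uses the same layout with serverID 2 and its provider= URL pointing back at ldap1.

```conf
# Added example (not from the thread or from OpenLDAP): one MirrorMode
# provider whose syncrepl bind is authenticated by its TLS client cert via
# SASL/EXTERNAL, so no replication password exists, hashed or cleartext.
# All hostnames, paths, DNs and the certificate subject are assumed values.

# --- global section: present our own cert and demand the peer's ---
TLSCACertificateFile    /etc/openldap/tls/ca.crt
TLSCertificateFile      /etc/openldap/tls/ldap1.crt
TLSCertificateKeyFile   /etc/openldap/tls/ldap1.key
TLSVerifyClient         demand

# Map the peer cert's subject DN (as slapd reports it for SASL/EXTERNAL;
# copy the exact string from the slapd log) onto an identity in the DIT.
authz-regexp
    "^cn=ldap2\.example\.com,ou=servers,o=example$"
    "cn=replicator,ou=services,dc=example,dc=com"

serverID   1

# --- database section ---
database   mdb
suffix     "dc=example,dc=com"
rootdn     "cn=admin,dc=example,dc=com"
# rootpw can stay hashed: the replication bind never uses it.
rootpw     {SSHA}<hash-from-slappasswd-placeholder>
directory  /var/lib/ldap

# Pull changes from the other mirror; the bind identity is the client cert.
syncrepl   rid=001
           provider=ldap://ldap2.example.com
           type=refreshAndPersist
           retry="5 5 300 +"
           searchbase="dc=example,dc=com"
           bindmethod=sasl
           saslmech=EXTERNAL
           starttls=critical
           tls_cert=/etc/openldap/tls/ldap1.crt
           tls_key=/etc/openldap/tls/ldap1.key
           tls_cacert=/etc/openldap/tls/ca.crt
           tls_reqcert=demand
mirrormode on

# The mapped identity must be able to read the whole tree without limits.
limits dn.exact="cn=replicator,ou=services,dc=example,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
access to *
    by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
    by * break

overlay syncprov
syncprov-checkpoint 100 10
```

Because authentication rests on the CA in TLSCACertificateFile, rotating or revoking a peer's certificate is what cuts its replication access; keep that CA private to the two servers.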