[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: Re: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?

To: <openldap-technical@openldap.org>,<michael@stroeder.com>
Subject: Antw: Re: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Mon, 29 Oct 2018 07:53:53 +0100
Content-disposition: inline
In-reply-to: <5ddb70fe-958b-2913-2426-0a7db4a9ef6d@stroeder.com>
References: <5BD169CB020000A10002DBFC@gwsmtp1.uni-regensburg.de> <5ddb70fe-958b-2913-2426-0a7db4a9ef6d@stroeder.com>

>>> Michael Ströder <michael@stroeder.com> schrieb am 25.10.2018 um 16:11 in
Nachricht <5ddb70fe-958b-2913-2426-0a7db4a9ef6d@stroeder.com>:
> On 10/25/18 8:59 AM, Ulrich Windl wrote:
>> As we do not actually use ldaps for replication that second line could be 
> dropped easily
> 
> As a side note:
> 
> You should really use LDAPS or LDAP with StartTLS ext.op. for
> replication. Otherwise a MITM attacker could trick a replica into
> delivering false data to clients.
> 
> Are you using StartTLS in syncrepl statement?
> 
> Ciao, Michael.

Hi!

Thanks for the "heads up"; fortunately I have "starttls=critical" for each
syncrepl ;-)

Regards,
Ulrich

References:
- Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Antw: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
Next by Date: Antw: Re: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
Index(es):
- Chronological
- Thread