[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Security, SSF and localhost lookups

To: "'M Butcher'" <mbutcher@grcomputing.net>, <openldap-software@OpenLDAP.org>
Subject: RE: Security, SSF and localhost lookups
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 7 May 2003 17:07:32 -0700
Importance: Normal
In-reply-to: <1052252221.4164.170.camel@jericho>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of M Butcher

> It occurs to me that the main reason I have port 389 open is so that I
> can do replication. I couldn't figure out how to do it over
> LDAPS, so I
> did configured it to use LDAP with tls=critical.
>
> If there is a way to do replication over LDAPS, then I can
> probably get
> around the security settings that way.
>
> Is there a way to do that?

Yes, but not using slapd.conf. See the ldap.conf(5) manpage, look at the TLS
option. If you set it to "yes" then all LDAP connections will be opened as
LDAPS sessions instead. You can set this in an environment variable before
slurpd starts, or you can set it in an "ldaprc" file stored in the directory
where slurpd executes.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: Security, SSF and localhost lookups
  - From: M Butcher <mbutcher@grcomputing.net>

References:
- Re: Security, SSF and localhost lookups
  - From: M Butcher <mbutcher@grcomputing.net>

Prev by Date: Large Installations of OpenLdap
Next by Date: Re: altServer attribute for OpenLDAP
Index(es):
- Chronological
- Thread