Re: syncrepl with ssl

[James <james@nttmcl.com>]

Dieter Kluenter wrote:
> Hi,
>
> James <james@nttmcl.com> writes:
>
>   
> > Dieter Kluenter wrote:
> >     
> > > "Dieter Kluenter" <dieter@dkluenter.de> writes:
> > >
> > >
> > >       
> > > > James <james@nttmcl.com> writes:
> > > >         
> [...]
>   
> > > > And what is the TLS part of the consumer slapd.conf looking like?
> > > >
> > > >         
> > > Sorry, my fault, it should read ldap.conf
> > >
> > > -Dieter
> > >
> > >
> > >       
> > timelimit 120
> > bind_timelimit 120
> > idle_timelimit 3600
> > nss_initgroups_ignoreusers
> > root,ldap,named,avahi,haldaemon,postfix,messagebus
> > URI ldaps://master.example.com
> > BASE dc=example,dc=com
> > ldap_version 3
> > pam_password exop
> > ssl on
> > tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA
> > tls_checkpeer no
> > TLS_CACERT /etc/ssl/cacert.pem
> > TLS_REQCERT allow
> >     
>
> Most of this are not valid parameters for OpenLDAP. This file is a
> mixture of pam_ldap.conf and openldap/ldap.conf
>
> -Dieter
>
>   
does that cause problems? because i just symlink libnss-ldap.conf and 
pam_ldap.conf to ldap.conf for ease of management
If it does cause problems can you give me an example of what to separate 
out where?
TIA
-James