No - I didn't understand you correctly. I switched back to ldap://: 389 and sniffed and it was all there in the clear.
I need to encrypt the communication (and binding) of the replication from the Master to the Slave. I can not seem to get it to work and I can't find the documentation where it shows how to set the replication for the syncrepl to be SSL or TLS.
Sellers
On Dec 20, 2007, at 1:22 PM, Chris G. Sellers wrote:
I think I see what you are saying. The ldaps: is forcing the implied SSL not startTLS. Thanks for making me think different.
so now I just need to switch back to ldap:// and make sure TLS is setup and sniff to make sure the traffic is encrypted.
Thanks
Sellers
On Dec 20, 2007, at 11:54 AM, Quanah Gibson-Mount wrote:
--On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers" chris.sellers@nitle.org wrote:
which suggests that the connection could not be made on port 389
via TLS.
I can't figure out how to tell the repl connection to send a
certificate.
Do I have to setup a user in LDAP with a cert? Do I put a client
cert
into the syncrepl section of the slapd.conf file on the slave?
Please
advise.
You are confused. LDAPv3 startTLS is used to encrypt connections over port 389 (or other ports). The Ldapv2 HACK to do TLS over port 636 (ldaps://) is the other way of doing SSL encryption. You are mixing these two very different mechanisms.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Chris G. Sellers | NITLE Technology 734.661.2318 | chris.sellers@nitle.org AIM: imthewherd | GTalk: cgseller@gmail.com
______________________________________________ Chris G. Sellers | NITLE Technology 734.661.2318 | chris.sellers@nitle.org AIM: imthewherd | GTalk: cgseller@gmail.com