Re: Sync Replication via TLS/SSL - get bind err

I think I see what you are saying. The ldaps: is forcing the implied SSL not startTLS. Thanks for making me think different. so now I just need to switch back to ldap:// and make sure TLS is setup and sniff to make sure the traffic is encrypted. Thanks Sellers On Dec 20, 2007, at 11:54 AM, Quanah Gibson-Mount wrote: > > > --On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers" > <chris.sellers(a)nitle.org&gt; wrote: > > which suggests that the connection could not be made on port 389 > via TLS. > > I can't figure out how to tell the repl connection to send a > certificate. > > Do I have to setup a user in LDAP with a cert? Do I put a client > cert > > into the syncrepl section of the slapd.conf file on the slave? > Please > > advise. > > You are confused. LDAPv3 startTLS is used to encrypt connections > over port > 389 (or other ports). The Ldapv2 HACK to do TLS over port 636 > (ldaps://) > is the other way of doing SSL encryption. You are mixing these > two very > different mechanisms. > > --Quanah > > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > ______________________________________________ Chris G. Sellers | NITLE Technology 734.661.2318 | chris.sellers(a)nitle.org AIM: imthewherd | GTalk: cgseller(a)gmail.com