Michael Ströder michael@stroeder.com wrote on 25.10.2018 at 16:11 in
message 5ddb70fe-958b-2913-2426-0a7db4a9ef6d@stroeder.com:
On 10/25/18 8:59 AM, Ulrich Windl wrote:
As we do not actually use ldaps for replication that second line could be dropped easily
As a side note:
You should really use LDAPS or LDAP with StartTLS ext.op. for replication. Otherwise a MITM attacker could trick a replica into delivering false data to clients.
Are you using StartTLS in syncrepl statement?
Ciao, Michael.
Hi!
Thanks for the "heads up"; fortunately I have "starttls=critical" for each syncrepl ;-)
Regards, Ulrich
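
An added example, not part of the original thread or of OpenLDAP: a small audit that checks every syncrepl statement in a slapd.conf-style file for the transport settings discussed above. The sample configuration and host names are constructed; it assumes slapd.conf syntax (continuation lines start with whitespace), so olcSyncrepl values from cn=config would need LDIF unfolding first.

```python
import shlex

# Constructed slapd.conf fragment (not from the thread); hosts are placeholders.
SAMPLE_CONF = '''\
syncrepl rid=001
  provider=ldap://ldap1.example.com
  searchbase="dc=example,dc=com"
  starttls=critical
syncrepl rid=002
  provider=ldap://ldap2.example.com
  starttls=yes
syncrepl rid=003
  provider=ldaps://ldap3.example.com
  tls_reqcert=never
syncrepl rid=004
  provider=ldap://ldap4.example.com
'''

def syncrepl_statements(conf_text):
    """Join slapd.conf continuation lines and yield each syncrepl's key=value dict."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of previous directive
        else:
            logical.append(raw.strip())
    for line in logical:
        tokens = shlex.split(line)  # handles quoted values such as searchbase="..."
        if tokens and tokens[0].lower() == "syncrepl":
            yield dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit(conf_text):
    """Return {rid: [findings]} for syncrepl statements with weak transport settings."""
    report = {}
    for stmt in syncrepl_statements(conf_text):
        findings = []
        ldaps = stmt.get("provider", "").lower().startswith("ldaps://")
        starttls = stmt.get("starttls", "").lower()
        if not ldaps and starttls != "critical":
            findings.append("no TLS" if starttls != "yes"
                            else "starttls=yes continues in cleartext if StartTLS fails")
        # never/allow let the session proceed without a verified provider certificate
        if stmt.get("tls_reqcert", "").lower() in ("never", "allow"):
            findings.append("provider certificate not verified")
        if findings:
            report[stmt.get("rid", "?")] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` reports rid 002, 003 and 004; rid 001, which uses starttls=critical as in Ulrich's setup, passes.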