>> Michael Ströder <michael(a)stroeder.com> wrote on 25.10.2018 at 16:11 in message
<5ddb70fe-958b-2913-2426-0a7db4a9ef6d(a)stroeder.com>:
On 10/25/18 8:59 AM, Ulrich Windl wrote:
> As we do not actually use ldaps for replication that second line could be
> dropped easily
As a side note:
You should really use LDAPS or LDAP with StartTLS ext.op. for
replication. Otherwise a MITM attacker could trick a replica into
delivering false data to clients.
Are you using StartTLS in syncrepl statement?
Ciao, Michael.
Hi!
Thanks for the "heads up"; fortunately I have "starttls=critical" for each
syncrepl ;-)
Regards,
Ulrich
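
The check discussed in this thread, as an added example that is not part of the original messages: a small audit of the syncrepl statements in a slapd.conf, flagging consumers that use neither LDAPS nor `starttls=critical`. The configuration excerpt, hostnames and rids are constructed, and the extra `tls_reqcert` check goes beyond what the thread mentions.

```python
import re
import shlex

# Constructed slapd.conf excerpt: hostnames, DNs and rids are made up.
SAMPLE_CONF = '''\
syncrepl rid=001
  provider=ldap://ldap1.example.com
  searchbase="dc=example,dc=com"
  starttls=critical
syncrepl rid=002
  provider=ldap://ldap2.example.com
  searchbase="dc=example,dc=com"
  starttls=yes
syncrepl rid=003 provider=ldaps://ldap3.example.com tls_reqcert=never
# rid=004 has no transport protection at all
syncrepl rid=004 provider=ldap://ldap4.example.com
'''

def syncrepl_statements(conf):
    """Yield each syncrepl statement as a dict of lower-cased key -> value."""
    # slapd.conf continues a statement on lines that start with whitespace.
    joined = re.sub(r'\n[ \t]+', ' ', conf)
    for line in joined.splitlines():
        words = shlex.split(line, comments=True)
        if words and words[0].lower() == 'syncrepl':
            pairs = (w.split('=', 1) for w in words[1:] if '=' in w)
            yield {k.lower(): v for k, v in pairs}

def audit(conf):
    """Return {rid: [findings]} for syncrepl statements a MITM could abuse."""
    report = {}
    for p in syncrepl_statements(conf):
        issues = []
        ldaps = p.get('provider', '').lower().startswith('ldaps://')
        starttls = p.get('starttls', '').lower()
        if not ldaps and starttls == 'yes':
            issues.append('starttls=yes falls back to clear text if StartTLS fails')
        elif not ldaps and starttls != 'critical':
            issues.append('no LDAPS and no StartTLS: replication runs in clear text')
        if p.get('tls_reqcert', '').lower() in ('never', 'allow'):
            issues.append('tls_reqcert does not enforce provider certificate validation')
        if issues:
            report[p.get('rid', '?')] = issues
    return report

if __name__ == '__main__':
    for rid, issues in audit(SAMPLE_CONF).items():
        for issue in issues:
            print(f'rid={rid}: {issue}')
```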