6 May
2017
6 May
'17
5:29 a.m.
Real, Elizabeth (392K) wrote:
I’m running multi-master OpenLDAP (version 2.4.40) servers and need to secure replication. Can you point me to where I can find that information? What I found online is old and does not apply to the version I’m running.
The term "secure replication" is a bit blurry.
In general I setup replication like this: - TLS everywhere => every replica has server cert - use the *individual* server certs as client certs for authenticating replicas - use SASL/EXTERNAL with authz-regexp mapping to map to distinct replica entry - use an LDAP group entry for replication ACLs - tighten TLS protocol to 1.2 - set cipher settings to use perfect-forward secrecy (PFS)
YMMV
Ciao, Michael.