No - I didn't understand you correctly. I switched back to ldap://:
389 and sniffed and it was all there in the clear.
I need to encrypt the communication (and binding) of the replication
from the Master to the Slave. I can not seem to get it to work and I
can't find the documentation where it shows how to set the replication
for the syncrepl to be SSL or TLS.
Sellers
On Dec 20, 2007, at 1:22 PM, Chris G. Sellers wrote:
I think I see what you are saying. The ldaps: is forcing the
implied SSL not startTLS. Thanks for making me think different.
so now I just need to switch back to ldap:// and make sure TLS is
setup and sniff to make sure the traffic is encrypted.
Thanks
Sellers
On Dec 20, 2007, at 11:54 AM, Quanah Gibson-Mount wrote:
--On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers"
<[EMAIL PROTECTED]> wrote:
> which suggests that the connection could not be made on port 389
via TLS.
> I can't figure out how to tell the repl connection to send a
certificate.
> Do I have to setup a user in LDAP with a cert? Do I put a client
cert
> into the syncrepl section of the slapd.conf file on the slave?
Please
> advise.
You are confused. LDAPv3 startTLS is used to encrypt connections
over port
389 (or other ports). The Ldapv2 HACK to do TLS over port 636
(ldaps://)
is the other way of doing SSL encryption. You are mixing these
two very
different mechanisms.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
______________________________________________
Chris G. Sellers | NITLE Technology
734.661.2318 | [EMAIL PROTECTED]
AIM: imthewherd | GTalk: [EMAIL PROTECTED]
______________________________________________
Chris G. Sellers | NITLE Technology
734.661.2318 | [EMAIL PROTECTED]
AIM: imthewherd | GTalk: [EMAIL PROTECTED]
