>>> Michael Ströder <[email protected]> wrote on 25.10.2018 at 16:11 in message <[email protected]>:
> On 10/25/18 8:59 AM, Ulrich Windl wrote:
>> As we do not actually use ldaps for replication that second line could be dropped easily
>
> As a side note:
>
> You should really use LDAPS or LDAP with StartTLS ext.op. for
> replication. Otherwise a MITM attacker could trick a replica into
> delivering false data to clients.
>
> Are you using StartTLS in syncrepl statement?
>
> Ciao, Michael.

Hi!

Thanks for the "heads up"; fortunately I have "starttls=critical" for each syncrepl ;-)

Regards,
Ulrich
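
As an added example that is not part of the original thread: a small audit that reads slapd.conf-style text and reports, per `syncrepl` statement, whether TLS is enforced as discussed above. The sample configuration, hostnames, function names and verdict labels are constructed for illustration; the script assumes lowercase `key=value` parameters as written in slapd.conf(5).

```python
import shlex
# Constructed sample slapd.conf fragment (hostnames and values are made up).
SAMPLE_CONF = """\
syncrepl rid=001
  provider=ldap://ldap1.example.com
  searchbase="dc=example,dc=com" starttls=critical
syncrepl rid=002 provider=ldap://ldap2.example.com
  searchbase="dc=example,dc=com" starttls=yes
syncrepl rid=003 provider=ldap://ldap3.example.com
  searchbase="dc=example,dc=com"
syncrepl rid=004 provider=ldaps://ldap4.example.com
  searchbase="dc=example,dc=com" tls_reqcert=never
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_syncrepl(text):
    """Return {rid: verdict} for every syncrepl directive in the text."""
    results = {}
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() != "syncrepl":
            continue
        opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        scheme = opts.get("provider", "").split(":", 1)[0].lower()
        starttls = opts.get("starttls", "").lower()
        if scheme == "ldaps" or starttls == "critical":
            verdict = "tls-required"
        elif starttls == "yes":
            verdict = "tls-opportunistic"  # continues without TLS if StartTLS fails
        else:
            verdict = "cleartext"
        # never/allow let the session proceed without a verified provider certificate
        if verdict != "cleartext" and opts.get("tls_reqcert", "").lower() in ("never", "allow"):
            verdict += "+weak-cert-check"
        results[opts.get("rid", "?")] = verdict
    return results

if __name__ == "__main__":
    print(audit_syncrepl(SAMPLE_CONF))
```

Only the `tls-required` verdict without a `+weak-cert-check` suffix corresponds to the setup recommended in the thread.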
