Project

General

Profile

Task #2708

Story #1791: Create secure configuration for LDAP replication across various deployment Environments

Edit syncrepl configuration in cn-buildout to use TLS

Added by Ben Leinfelder over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Target version:
Sprint-2012.19-Block.3.2
Start date:
2012-05-07
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

In addition to general slapd.conf TLS configuration, the syncrepl section[s] need to be modified.

"when using syncrepl with TLS and a URL of ldap://hostname/ the parameter starttls=yes or starttls=critical MUST be defined"
http://www.zytrax.com/books/ldap/ch15/#tls

History

#1 Updated by Ben Leinfelder over 12 years ago

  • Status changed from New to In Progress
  • Assignee set to Ben Leinfelder

edited slapd.conf and postinst

#2 Updated by Ben Leinfelder over 12 years ago

  • Status changed from In Progress to Closed

#3 Updated by Ben Leinfelder over 12 years ago

  • Status changed from Closed to In Progress

Still not working - trying more config options in syncrepl

#4 Updated by Ben Leinfelder over 12 years ago

added tls_cert, tls_key and tls_cacert params to the syncrepl lines and now I get successful replication

#5 Updated by Ben Leinfelder over 12 years ago

  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)