Hi,

Alex Samad <[EMAIL PROTECTED]> writes:
> On Mon, Jan 21, 2008 at 06:12:33AM +0100, Emmanuel Dreyfus wrote:
>> Howard Chu <[EMAIL PROTECTED]> wrote:
>>
>> > > a) a way to specify another certificate to use in the syncrepl config
>> > In OpenLDAP 2.4, yes. Read the manpage.
>>
>> With 2.3, if a different cn is needed for the ldaps server and the
>> syncrepl client, a certificate with subjectAltName may help.
> It's not the name.
>
> There seem to be 2 scenarios in which a cert is used:
>
> 1) as a server, to verify that you have connected to the right machine and to
>    ensure your packets are encrypted. This requires a certificate with purpose
>    SSL Server.
> 2) as a client, when an LDAP server in a syncrepl setup is talking to the
>    master server. This requires a certificate with purpose SSL Client.
>
> I am trying to find out if it is possible to use a different certificate for
> the syncrepl process, but I can't find it. Maybe it's in the saslmech option.

You may use the sasl external mechanism and create a certificate with a
DN matching the bindDN (although you don't have to define a binddn).

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
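
An added configuration sketch, not part of the original thread, combining the two suggestions above for OpenLDAP 2.4: a separate client certificate for syncrepl plus SASL EXTERNAL. Host names, file paths and DNs are assumptions chosen for illustration.

```conf
# ---- consumer (replica) slapd.conf ----
# Certificate slapd presents as a SERVER to its own LDAP clients
# (purpose: SSL Server). Paths are hypothetical.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/replica-server.pem
TLSCertificateKeyFile  /etc/openldap/certs/replica-server.key

# Inside the replicated database section: syncrepl acts as a CLIENT of the
# master and uses its own certificate (purpose: SSL Client) via tls_cert and
# tls_key. No binddn or credentials are given; with saslmech=EXTERNAL the
# identity is taken from the client certificate's subject DN.
syncrepl rid=001
  provider=ldap://master.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  starttls=critical
  bindmethod=sasl
  saslmech=EXTERNAL
  tls_cert=/etc/openldap/certs/replica-client.pem
  tls_key=/etc/openldap/certs/replica-client.key
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand

# ---- provider (master) slapd.conf ----
# The master must request a client certificate, otherwise EXTERNAL has no
# identity to use. Any value other than the default "never" requests one;
# "demand" also rejects clients that do not present a valid certificate.
TLSVerifyClient demand

# Hypothetical replication identity. The client certificate is issued with
# this subject DN, so it matches the DN used in the ACL directly and no
# authz-regexp mapping is needed.
access to *
  by dn.exact="cn=replica,ou=servers,dc=example,dc=com" read
  by * break
```

Running `ldapwhoami -ZZ -Y EXTERNAL` against the master, with the client certificate and key set through `TLS_CERT` and `TLS_KEY` in the user's `ldaprc`, shows the DN the master derives from the certificate before replication is enabled.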
