[Freeipa-devel] [PATCH] 751 dogtag replication

Martin Kosek mkosek at redhat.com
Thu Mar 10 14:24:07 UTC 2011


On Thu, 2011-03-10 at 00:10 -0500, Rob Crittenden wrote:
> The replication between dogtag servers wasn't using TLS or SSL. This 
> uses a new option to pkisilent to create replication agreements that use 
> TLS.
> 
> The SSL cert we will use is the same as the main 389-ds instance via 
> symbolic link.
> 
> I tested with --selfsign, with dogtag and with dogtag signed by an 
> external CA.
> 
> ticket 1060
> 
> rob

ACK.

The patch looks OK. I tested the installation process on both F-14 and
F-15 (IPA with dogtag + replica, self-signed IPA + replica, IPA with
external CA + replica) and the replication was OK.

There were some issues during the testing, but they were found to be
irrelevant in our IRC discussion. I am opening a ticket right now to
increase the stability of the IPA installation (after the DS restart, wait
until the ports are open - then do the ldapmodify commands).

Martin
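
A check a reviewer could run after installing a replica, as an added example that is not part of the patch or of this thread: it reads replication agreements exported as LDIF and reports any that do not use TLS or SSL. The attribute names are the 389-ds ones for replication agreements and do not appear in the thread; the sample LDIF is constructed.

```python
import base64
# Constructed sample of `cn=config` replication agreements; DNs and hosts are made up.
SAMPLE_LDIF = """\
dn: cn=to-replica1,cn=replica,cn=example,cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: replica1.example.test
nsDS5ReplicaTransportInfo: TLS

dn: cn=to-replica2,cn=replica,cn=example,
 cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: replica2.example.test
nsDS5ReplicaTransportInfo: LDAP
"""

ENCRYPTED = {"tls", "starttls", "ssl", "ldaps"}  # transports that encrypt the link

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    entry, lines = {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())

def plaintext_agreements(text):
    """Return (dn, host, transport) for agreements that do not use TLS/SSL."""
    findings = []
    for e in parse_ldif(text):
        if "nsds5replicationagreement" not in {c.lower() for c in e.get("objectclass", [])}:
            continue
        # Assumption: an agreement without the attribute replicates over plain LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0]
        if transport.lower() not in ENCRYPTED:
            findings.append((e.get("dn", ["?"])[0], e.get("nsds5replicahost", ["?"])[0], transport))
    return findings

if __name__ == "__main__":
    for finding in plaintext_agreements(SAMPLE_LDIF):
        print("plaintext replication agreement:", finding)
```

An empty result on every server's agreements is the condition the patch is meant to produce.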



