[Freeipa-devel] [PATCH] 751 dogtag replication

Rob Crittenden rcritten at redhat.com
Thu Mar 10 14:57:52 UTC 2011


Martin Kosek wrote:
> On Thu, 2011-03-10 at 00:10 -0500, Rob Crittenden wrote:
>> The replication between dogtag servers wasn't using TLS or SSL. This
>> uses a new option to pkisilent to create replication agreements that use
>> TLS.
>>
>> The SSL cert we will use is the same as the main 389-ds instance via
>> symbolic link.
>>
>> I tested with --selfsign, with dogtag and with dogtag signed by an
>> external CA.
>>
>> ticket 1060
>>
>> rob
>
> ACK.
>
> The patch looks OK. I tested the installation process on both F-14 and
> F-15 (IPA with dogtag + replica, self-signed IPA + replica, IPA with
> external CA + replica) and the replication was OK.
>
> There were some issues during the testing, but they were found
> irrelevant in our IRC discussion. I am opening a ticket right now to
> increase the stability of IPA installation (after the DS restart, wait
> until the ports are open - then do the ldapmodify commands).
>
> Martin

pushed to master



