[Fedora-directory-users] Re: admin-server SSL and replication
Richard Megginson
rmeggins at redhat.com
Thu Jul 13 15:26:07 UTC 2006
Jo De Troy wrote:
> Hi Rich,
>
> I can access the admin-server again with startconsole after having
> changed
> admin-serv/config/adm.conf and shared/config/dbswitch.conf.
> What exactly does "Secure Connection" in the admin-server console
> ConfigurationDS tab
> do?
That tells Admin Server to use SSL when talking to the config DS e.g.
the url that's in shared/config/dbswitch.conf. This is both for the
Admin Server itself (the Apache mod_admserv module) and for the admin
server CGIs. The url in dbswitch.conf should be ldaps instead of ldap
and have the secure port instead of the unsecure port.
I don't know if it helps but I recently completed an admin server
configuration summary (of the files anyway) -
http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_Files
> And why would this break the startup of startconsole?
startconsole must be configured to use SSL.
> And what exactly does the "Use SSL in Fedora Console" setting in the
> Encryption tab of the Directory server console do?
This tells the console to use SSL for communicating with both the admin
server and the directory server. Otherwise, it uses the non-secure port
for the directory server instead of the secure one and, if the admin
server is running with SSL enabled, it will hang attempting to auth to
the admin server, since the admin server listens with SSL or not, not
both as the DS does.
>
> Another question I have about multi-master replication. If you create
> the same replication manager entry with the same password on the
> replication nodes, why is it necessary to have the same directory
> manager entry and the same password?
??? you mean cn=directory manager?
> I thought the same replication
> mgr entry would be sufficient
It should be . . . what are you seeing that makes you think otherwise?
>
> Thanks again,
> Jo
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060713/3099dfbd/attachment.bin>
More information about the Fedora-directory-users
mailing list