[389-users] Replication over SSL
Rich Megginson
rmeggins at redhat.com
Mon Oct 26 14:49:18 UTC 2009
Mitja Mihelič wrote:
> Hi!
>
> I am trying to get replication to work over SSL, but I seem to be
> missing something...
>
> To make a long story short: single-master and multi-master replication
> without SSL works without a problem.
>
> I have created two Directory servers via the Management Console, one
> called master (supplier) and one called replica (consumer).
> I have issued a certificate request via the management console for the
> supplier and consumer.
> Both were signed by a test CA and imported into the corresponding
> server's certificate store.
> Now, what exactly must I do to correctly map the certificates and
> make them talk to each other?
> I have read the documentation, but I just don't understand how to make
> it work.
>
> The following dn is used for replication:
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword: replicate
> passwordExpirationTime: 20380119031407Z
>
> Greetings,
> Mitja
>
> Read the following lines if you wish to know how I have it set up and
> what I have done to set up non-SSL replication:
> The Directory server instances are using their own ports (supplier:
> 30389/30636 and consumer: 40389/40636 respectively).
> I have inserted a replication user into the dse.ldif files in both the
> supplier and the consumer as specified in the documentation.
> The supplier has been populated with test entries, enabled the
> changelog and replication of the relevant database.
> The consumer has been set up accordingly.
> I have created an appropriate replication agreement and initialized
> the consumer.
> All entries replicated as expected and the replica was updating
> successfully.
If you want to use simple authentication using your replication manager
user, but you want the connection to be secure with TLS/SSL, start here -
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Replication_over_SSL.html
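An added illustration of the setup the reply points to (simple bind as the replication manager, carried over SSL), applied with ldapmodify on the supplier; it is not taken from the thread or from the linked documentation. The agreement name `ExampleAgreement` and the suffix `dc=example,dc=com` are placeholders, since the thread gives neither; the port and bind DN are the ones from the original question.

```ldif
# Added example, not from the original thread.
# Placeholders (assumptions): agreement name "ExampleAgreement",
# replicated suffix "dc=example,dc=com".
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
# Before: nsDS5ReplicaTransportInfo: LDAP (cleartext, bind password exposed on the wire)
replace: nsDS5ReplicaTransportInfo
nsDS5ReplicaTransportInfo: SSL
-
# Before: nsDS5ReplicaPort: 40389 (the consumer's plain LDAP port)
replace: nsDS5ReplicaPort
nsDS5ReplicaPort: 40636
-
# Password bind stays in use; it now travels inside the SSL session.
replace: nsDS5ReplicaBindMethod
nsDS5ReplicaBindMethod: SIMPLE
-
replace: nsDS5ReplicaBindDN
nsDS5ReplicaBindDN: cn=replication manager,cn=config
```

For the supplier to accept the consumer's certificate, the test CA that signed it has to be present and trusted for server certificates in the supplier's certificate database. No certificate-to-entry mapping is involved with this bind method.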