[Freeipa-users] FreeIPA Replica ports
Rob Crittenden
rcritten at redhat.com
Mon Aug 26 18:08:44 UTC 2013
bwellsnc wrote:
> I have been over the documentation and all documentation states that
> replication happens over port 7389. This is incorrect. It is happening
> over 389. I have a need for replication to operate over 7389 because I
> have a remote server that is located in a datacenter which I have no
> vpn/p2p access. Is there a way to set the replication port in IPA?

The documentation is a little unclear, I agree. It is trying to say that
IF you want a CA on the replica then you'll need port 7389 (and a few
others) opened in the firewall.

Changing the port would require reconfiguring 389-ds to listen on
another port (or an additional port) and configuring replication over that
port. We don't provide the ability to configure ports so you'd need to
make code changes.

If the concern is lack of security, we initially (during
ipa-replica-install) use startTLS over 389. Once the server is up we
reconfigure the agreement to use GSSAPI, so the data is always
encrypted. For the case of the CA, it always uses startTLS on port 7389.

rob
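
The transport and bind method described in the reply above are recorded on each replication agreement entry under cn=mapping tree,cn=config, so they can be audited from an LDIF export. This is an added example, not part of the original message and not FreeIPA code: the LDIF is constructed with placeholder hostnames and suffix, the attribute names are the standard 389-ds ones, and counting SASL/GSSAPI as encrypted is an assumption taken from the reply.

```python
import re

TLS_TRANSPORTS = {"tls", "starttls", "ssl", "ldaps"}

# Constructed sample (placeholder hosts and suffix); the first dn is folded per LDIF.
SAMPLE_LDIF = """\
dn: cn=meToreplica1.example.com,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=ma
 pping tree,cn=config
nsDS5ReplicaHost: replica1.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SASL/GSSAPI

dn: cn=meToreplica2.example.com,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config
nsDS5ReplicaHost: replica2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: TLS
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=meToreplica3.example.com,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config
nsDS5ReplicaHost: replica3.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_ldif(text):
    """Unfold LDIF continuation lines, then return one {attr_lower: value} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        pairs = (line.partition(":") for line in block.splitlines() if ":" in line)
        entries.append({a.strip().lower(): v.strip() for a, _, v in pairs})
    return entries

def audit(text):
    """Return (host, port, protection) per agreement; CLEARTEXT means neither TLS nor GSSAPI."""
    results = []
    for e in parse_ldif(text):
        transport = e.get("nsds5replicatransportinfo", "ldap").lower()
        bind = e.get("nsds5replicabindmethod", "simple").upper()
        # Assumption from the reply: a SASL/GSSAPI agreement is encrypted.
        how = "TLS" if transport in TLS_TRANSPORTS else (
            "GSSAPI" if bind == "SASL/GSSAPI" else "CLEARTEXT")
        results.append((e.get("nsds5replicahost"), int(e.get("nsds5replicaport", 389)), how))
    return results
```

Any agreement reported as CLEARTEXT is the case to investigate; the other two rows correspond to the install-time and post-install states the reply describes.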