On Mon, 2006-04-03 at 14:18 -0700, George Holbert wrote:
> > Uhm...I can try, but in that case, is it possible that I've a problem
> > with replication ?
>
> I don't think so. I've noticed that replication agreements over SSL
> don't seem to care about hostname / CN matching, although they do check
> that the CA is trusted. If I have the wrong impression on this, someone
> please say so :).
>
> In your replication agreements, you'd still want to use the
> 'nodo1.domain.example.com' or 'nodo2.domain.example.com' names, as
> 'ldap.domain.example.com' would obviously not be specific enough.
>

Today I tried to issue 2 server certs using the same CA... using the same CN... I can create the certs correctly, and in Manage Certificate I can see both server certs with the same name... but when I try to establish SSL encryption between the servers:

NSMMReplicationPlugin -agmt="cn="Replication to nodo1.domain.example.com""(nodo1:636): Simple bind failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape Portable Runtime error -12276 (Unable to communicate securely with peer: requested domain name does not match the server's certificate.)

Is there someone who uses two Fedora DS servers to authenticate clients? Even if I can browse FDS in clear mode on both nodo1 and nodo2... in encrypted mode, can only one certify my clients?

alex
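The name check behind the error quoted above, as an added example that is not part of the original thread or of Fedora DS code: a simplified model of how a TLS client compares the host name it was asked to connect to with the names in the server certificate. The certificate contents are constructed assumptions, including `ldap.domain.example.com` as the shared CN and the subjectAltName variant, which goes beyond what the thread discusses.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a short name never equals a fully qualified one
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label and needs
        # at least two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_accepts(cert: dict, host: str) -> bool:
    """cert is a dict with 'cn' and an optional 'san_dns' list (model only)."""
    sans = cert.get("san_dns") or []
    # The subject CN is consulted only when no dNSName entries are present.
    names = sans if sans else [cert["cn"]]
    return any(name_matches(n, host) for n in names)


def check_agreements(cert: dict, hosts: list) -> dict:
    """Map each host name a replication agreement might use to pass/fail."""
    return {h: cert_accepts(cert, h) for h in hosts}


# Constructed sample data, not taken from the poster's servers.
HOSTS = ["nodo1", "nodo1.domain.example.com", "ldap.domain.example.com"]
SHARED_CN = {"cn": "ldap.domain.example.com"}      # same CN on both nodes (assumed value)
PER_NODE = {"cn": "nodo1.domain.example.com"}      # one cert per node name
WITH_SAN = {
    "cn": "ldap.domain.example.com",
    "san_dns": [
        "ldap.domain.example.com",
        "nodo1.domain.example.com",
        "nodo2.domain.example.com",
    ],
}

if __name__ == "__main__":
    for label, cert in (("shared CN", SHARED_CN),
                        ("per-node CN", PER_NODE),
                        ("shared CN + SAN", WITH_SAN)):
        print(label, check_agreements(cert, HOSTS))
```

In this model the short name `nodo1`, which is what the log line shows in `(nodo1:636)`, fails against every certificate; only a name that appears in full in the certificate passes.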