Re: admin-server SSL and replication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jo De Troy wrote:

> Hi Rich,
>
> I can access the admin-server again with startconsole after having 
> changed
> admin-serv/config/adm.conf and shared/config/dbswitch.conf.
> What exactly does "Secure Connection" in the admin-server console
> ConfigurationDS tab
> do?

That tells Admin Server to use SSL when talking to the config DS e.g. 
the url that's in shared/config/dbswitch.conf.  This is both for the 
Admin Server itself (the Apache mod_admserv module) and for the admin 
server CGIs.  The url in dbswitch.conf should be ldaps instead of ldap 
and have the secure port instead of the unsecure port.

I don't know if it helps but I recently completed an admin server 
configuration summary (of the files anyway) - 
http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_Files

> And why would this break the startup of startconsole?

startconsole must be configured to use SSL. 

> And what exactly does the "Use SSL in Fedora Console" setting in the
> Encryption tab of the Directory server console do?

This tells the console to use SSL for communicating with both the admin 
server and the directory server.  Otherwise, it uses the non-secure port 
for the directory server instead of the secure one and, if the admin 
server is running with SSL enabled, it will hang attempting to auth to 
the admin server, since the admin server listens with SSL or not, not 
both as the DS does.

>
> Another question I have about multi-master replication. If you create
> the same replication manager entry with the same password on the
> replication nodes, why is it necessary to have the same directory
> manager entry and the same password?

??? you mean cn=directory manager?

> I thought the same replication
> mgr entry would be sufficient

It should be . . . what are you seeing that makes you think otherwise?

>
> Thanks again,
> Jo
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060713/3099dfbd/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux