I'm working with the Java management console.

I created replication manager users as:

dn: cn=A.infn.it,cn=config
cn: A.infn.it
description: CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
objectClass: top
objectClass: nshost

dn: cn=B.infn.it,cn=config
cn: B.infn.it
description: CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
objectClass: top
objectClass: nshost

In my shared/config/certmap.conf I have:

certmap default default
default:CmapLdapAttr description

I tried SSL auth and it works, as I can see in the logs:

[29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as cn=A.infn.it,cn=config

The changelogs are created with the management console, enabling the checkbox in the Replication node of the configuration tab, selecting the default location.

Then, under database in the replication node, I checked enable replica and Multiple Master, replication id 1 for A and 2 for B, and in the supplier DN I wrote cn=A.infn.it,cn=config in B and cn=B.infn.it,cn=config in A.

Then, right click on database name under Replication, "New Replication Agreement", selecting B node on A with port 636 and checked "Using Encrypted SSL connection" and "SSL Client Authentication".

Here I had a problem! There was a pop-up that told me it can't connect to the other fds server, but I thought it was a bug, because I checked with tcpdump and saw no packet sent (I can see it with simple auth). So I clicked to continue and all seems to work well, even the initialization done from A to B; I didn't do it when I created the Agreement from B to A in the same way.

I followed the manual at http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#66943

I hope I was clear, sorry for my macaronic English ;-)

Thank you so much.

Richard Megginson wrote:
>
> Can you describe the exact steps you took e.g.
> configured and created changelogs on A and B
> created replication manager user on A and B
> configured A to be a multi master replica
> configured B to be a multi master replica
> created replication agreement from A to B
> created replication agreement from B to A
> Did replica init from A to B
>
> Note that you should not do a replica init from B to A if you already
> did one from A to B

--
___________________________________________________________________
Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214
___________________________________________________________________
Democracy is two wolves and a lamb voting on what to have for lunch
___________________________________________________________________
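
The log check described in the message, as an added example that is not part of the original post: it pairs each "SSL ... client <subject>" access-log line with the "SSL client bound as <dn>" line of the same connection and compares the result with the entry whose description holds that subject. The function names and the conn=7 and conn=9 log lines are constructed for illustration.

```python
import re

# conn=2 lines are the ones quoted in the message; conn=7 and conn=9 are constructed.
ACCESS_LOG = """\
[29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as cn=A.infn.it,cn=config
[29/Oct/2007:14:55:02 +0100] conn=7 SSL 256-bit AES; client CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[29/Oct/2007:14:56:10 +0100] conn=9 SSL 256-bit AES; client CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[29/Oct/2007:14:56:10 +0100] conn=9 SSL client bound as cn=B.infn.it,cn=config
"""

# Replication manager entries from the message: description value -> entry DN.
EXPECTED = {
    "CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT": "cn=A.infn.it,cn=config",
    "CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT": "cn=B.infn.it,cn=config",
}

CLIENT_RE = re.compile(r"conn=(\d+) SSL .*?; client (.+?); issuer (.+)$")
BOUND_RE = re.compile(r"conn=(\d+) SSL client bound as (.+)$")

def norm(dn):
    """Comparison key: lower-case, no spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_cert_binds(log_text, expected):
    """Return {conn: (subject, bound_dn, status)} for each client-certificate connection."""
    subjects, bound = {}, {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            subjects[int(m.group(1))] = m.group(2)
            continue
        m = BOUND_RE.search(line)
        if m:
            bound[int(m.group(1))] = m.group(2).strip()
    want = {norm(subj): norm(dn) for subj, dn in expected.items()}
    report = {}
    for conn, subject in subjects.items():
        dn = bound.get(conn)
        if dn is None:
            status = "no-bind"        # certificate presented, no bound-as line logged
        elif want.get(norm(subject)) == norm(dn):
            status = "ok"             # bound as the entry carrying this subject
        else:
            status = "unexpected-dn"  # bound, but as a different entry
        report[conn] = (subject, dn, status)
    return report
```

Anything other than "ok" for a replication manager certificate is worth checking against certmap.conf and the description values before creating the agreement.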