Dael Maselli wrote:
> I'm working with the java management console.
>
> I created replication manager users as:
> dn: cn=A.infn.it,cn=config
> cn: A.infn.it
> description: CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
> objectClass: top
> objectClass: nshost
>
> dn: cn=B.infn.it,cn=config
> cn: B.infn.it
> description: CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
> objectClass: top
> objectClass: nshost
>
> in my shared/config/certmap.conf I have:
> certmap default default
> default:CmapLdapAttr description
>
> I tried SSL auth and it works as I can see in the logs:
> [29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client
> CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
> [29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as
> cn=A.infn.it,cn=config
>
> The changelogs are created with management console, enabling the
> checkbox in the Replication node of the configuration tab, selecting
> the default location.
>
> Then, under database in the replication node I checked enable replica,
> and Multiple Master, replication id 1 for A and 2 for B, and in the
> supplier DN I wrote cn=A.infn.it,cn=config in B and
> cn=B.infn.it,cn=config in A.
>
> Then, right click on database name under Replication, "New Replication
> Agreement", selecting B node on A with port 636 and checked "Using
> Encrypted SSL connection" and "SSL Client Authentication". Here I had a
> problem! There was a pop-up that told me it can't connect to the other
> fds server, but I thought it was a bug, because I checked with tcpdump
> and saw no packet sent (I can see it with simple auth). So I clicked to
> continue and all seems to work well, even the initialization done from
> A to B, I didn't do it when I created the Agreement from B to A in the
> same way.

You don't need to initialize from B to A if you already did the initialize from A to B.

When you did the tcpdump, did you look at traffic on port 389 too, or just 636?

>
> I followed the manual at
> http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#66943
>
> I hope I was clear, sorry for my macaronic English ;-)
>
> Thank you so much.
>
>
> Richard Megginson wrote:
>>
>> Can you describe the exact steps you took e.g.
>> configured and created changelogs on A and B
>> created replication manager user on A and B
>> configured A to be a multi master replica
>> configured B to be a multi master replica
>> created replication agreement from A to B
>> created replication agreement from B to A
>> Did replica init from A to B
>>
>> Note that you should not do a replica init from B to A if you already
>> did one from A to B
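
As an added example (not part of the original thread and not the project's own tooling): a Python sketch that pairs the two access-log lines quoted above by their `conn=` id, to confirm which entry a client certificate was mapped to and to flag certificates that never produced a bind. The `conn=3` line and the `EXPECTED` table are constructed for illustration.

```python
import re

# The first two lines are the access-log entries quoted in the thread (re-joined);
# the conn=3 line is constructed to show a certificate that was never mapped.
SAMPLE_LOG = """\
[29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as cn=A.infn.it,cn=config
[29/Oct/2007:14:55:02 +0100] conn=3 SSL 256-bit AES; client CN=C.example.test,O=Example,C=IT; issuer CN=INFN CA,O=INFN,C=IT
"""

CLIENT_RE = re.compile(r"conn=(\d+) SSL .*?; client (.+?); issuer (.+)$")
BOUND_RE = re.compile(r"conn=(\d+) SSL client bound as (.+)$")


def correlate(log_text):
    """Return {conn: {subject, issuer, bind_dn}} for connections that sent a client cert."""
    conns = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            conns[int(m.group(1))] = {
                "subject": m.group(2).strip(),
                "issuer": m.group(3).strip(),
                "bind_dn": None,  # filled in if a "bound as" line follows
            }
            continue
        m = BOUND_RE.search(line)
        if m and int(m.group(1)) in conns:
            conns[int(m.group(1))]["bind_dn"] = m.group(2).strip()
    return conns


def check(conns, expected):
    """Compare each subject's bind DN with the expected supplier DN (case-insensitive)."""
    findings = []
    for conn, info in sorted(conns.items()):
        want, got = expected.get(info["subject"]), info["bind_dn"]
        if got is None:
            findings.append((conn, "unmapped", info["subject"]))
        elif want is None or got.lower() != want.lower():
            findings.append((conn, "unexpected", got))
    return findings


# Assumed policy table: certificate subject -> replication manager (supplier) DN.
EXPECTED = {"CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT": "cn=A.infn.it,cn=config"}

if __name__ == "__main__":
    print(check(correlate(SAMPLE_LOG), EXPECTED))
```
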