Mitja Miheli? wrote:
> Hi!
>
> I am trying to get replication to work over SSL, but I seem to be
> missing something...
>
> To make a long story short: single-master and multi-master replication
> without SSL works without a problem.
>
> I have created two Directory servers via the Management Console, one
> called master (supplier) and one called replica (consumer).
> I have issued a certificate request via the management console for the
> supplier and consumer.
> Both were signed by a test CA and imported into the corresponding
> server's certificate store.
> Now, what exactly must I do to correctly map the certificates and
> make them talk to each other?
> I have read the documentation, but I just don't understand how to make
> it work.
>
> The following dn is used for replication:
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword: replicate
> passwordExpirationTime: 20380119031407Z
>
> Greetings,
> Mitja
>
> Read the following lines if you wish to know how I have it set up and what
> I have done to set up non-SSL replication:
> The Directory server instances are using their own ports (supplier:
> 30389/30636 and consumer: 40389/40636 respectively).
> I have inserted a replication user into the dse.ldif files in both the
> supplier and the consumer as specified in the documentation.
> The supplier has been populated with test entries, enabled the
> changelog and replication of the relevant database.
> The consumer has been set up accordingly.
> I have created an appropriate replication agreement and initialized
> the consumer.
> All entries replicated as expected and the replica was updating
> successfully.

If you want to use simple authentication using your replication manager user, but you want the connection to be secure with TLS/SSL, start here - http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Replication_over_SSL.html
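
An added example, not part of the original thread or of the 389 Directory Server project's code: a small audit that reads replication agreement entries and flags any that bind with SIMPLE authentication over plain LDAP, which is the setup the thread moves away from. The ports and bind DN are taken from the thread; the suffix `dc=example,dc=com`, host name and agreement names are constructed, and the treatment of absent attributes as plain LDAP with SIMPLE bind is an assumption.

```python
# Added example: constructed sample entries; suffix, host and agreement names are placeholders.
SAMPLE_LDIF = """\
dn: cn=to-replica-plain,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 40389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: LDAP

dn: cn=to-replica-ssl,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 40636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: SSL
"""

def parse_entries(ldif):
    """Split LDIF text into dicts of lowercased attribute -> list of values."""
    entries = []
    for block in ldif.replace("\n ", "").split("\n\n"):  # unfold continuation lines
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_agreements(ldif):
    """Return (dn, finding) for each agreement whose bind password crosses the wire unencrypted."""
    findings = []
    for e in parse_entries(ldif):
        if "nsds5replicationagreement" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        # Assumption: an absent attribute means the defaults, plain LDAP and SIMPLE bind.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
        if transport == "LDAP" and method == "SIMPLE":
            port = e.get("nsds5replicaport", ["?"])[0]
            findings.append((e["dn"][0], "SIMPLE bind over plain LDAP, port " + port))
    return findings

for dn, finding in audit_agreements(SAMPLE_LDIF):
    print(dn, "->", finding)
```

To check a real instance, pass the text of an LDIF export of `cn=config` to `audit_agreements` in place of the sample.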