Hello Rich and all,
thanks for the extra work and concern.
In comment to your reply (see below your text):
On 10/08/2015 02:00 PM, 389-users-request@xxxxxxxxxxxxxxxxxxxxxxx wrote:
> Message: 2
> Date: Wed, 7 Oct 2015 08:56:25 -0400
> From: Rich Megginson <rmeggins@xxxxxxxxxx>
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: 389-users Digest, Vol 125, Issue 3
> Message-ID: <56151679.40802@xxxxxxxxxx>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> On 10/07/2015 08:34 AM, Karel Lang AFD wrote:
>>
>> It is solved, problem is the script, that is recommended by fedora
>> wiki (setupssl2.sh) as a way for automatic SSL generation for 389-DS
>> server, is not suitable for setting up multimaster, nor master/slave
>> scenarios.
> Correct. It is for single server self signed scenarios (e.g. testing,
> not production). You really need a "real" CA in order to issue multiple
> certs for multiple servers.
> If that is not clear from the docs, please let us know.

Regarding howto on fedora wiki:
originally i went according to this wiki fedora doc:
http://directory.fedoraproject.org/wiki/Howto:SSL
but it was moved - i guess here:
http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html
I got there by going here:
http://directory.fedoraproject.org/docs/389ds/documentation.html
and then
"FAQ’s, Tech Docs" -> and then "How To’s" -> "How to Setup TLS/SSL"
And there is the link on the setupssl2.sh script. But the description of
the script is just along the lines, that it will generate the SSL CA
cert and server certs for you.
So maybe it would be good to add a sentence there, about its usability
only for single server and not in multimaster or master/slave scenarios.
Generally speaking, i think that the Docs on wiki are great, there is
lots of 'howtos' there and all helpful links to extensive RHEL
documentations etc...
But i think, all that docs can be (IMHO) overwhelming if LDAP newb comes
1st here and needs a 'quick' way to get 'overall picture' and to start
playing with it. There is so much detailed stuff here (which is good)
but where to start 1st? :-)
But i don't want to criticize or something, as it is an 'easy road' and i
appreciate all the hard work the community does!
I think, if we had a kind of 'learn by example' guide, where there would
be shown a fast way howto setup the 389-ds on Fedora or RHEL on *real
life-like scenario*, it would be very helpful for LDAP newbs (just like
me) :-).
There you would go through install/configure/ and 1st administrative
steps quickly with links to other extensive documents at wiki (for
detail reading in case ldap newb has no clue)...
Thank you guys, you all rock! :-)
Karel

>> So as conclusion, script is OK for testing purposes and quick server
>> setups, but not really for live or more complicated scenarios.
>>
>> But anyway kudos to anyone who wrote it, because i 'gutted' it in
>> order to better understand the whole process.
> If the documentation needs to be made more clear that the intention of
> setupssl2.sh is for demo/testing purposes only, please let us know.
--
*Karel Lang*
*Unix/Linux Administration*
lang@xxxxxx | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz