Re: Re: admin-server SSL and replication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jo De Troy wrote:


Hi Rich,
I can access the admin-server again with startconsole after having changed 
admin-serv/config/adm.conf and shared/config/dbswitch.conf.
What exactly does "Secure Connection" in the admin-server console
ConfigurationDS tab
do?
That tells Admin Server to use SSL when talking to the config DS e.g. the url that's in shared/config/dbswitch.conf. This is both for the Admin Server itself (the Apache mod_admserv module) and for the admin server CGIs. The url in dbswitch.conf should be ldaps instead of ldap and have the secure port instead of the unsecure port.
I don't know if it helps but I recently completed an admin server configuration summary (of the files anyway) - http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_Files 


And why would this break the startup of startconsole?
startconsole must be configured to use SSL. 
And what exactly does the "Use SSL in Fedora Console" setting in the
Encryption tab of the Directory server console do?
This tells the console to use SSL for communicating with both the admin server and the directory server. Otherwise, it uses the non-secure port for the directory server instead of the secure one and, if the admin server is running with SSL enabled, it will hang attempting to auth to the admin server, since the admin server listens with SSL or not, not both as the DS does. 



Another question I have about multi-master replication. If you create
the same replication manager entry with the same password on the
replication nodes, why is it necessary to have the same directory
manager entry and the same password?


??? you mean cn=directory manager?


I thought the same replication
mgr entry would be sufficient


It should be . . . what are you seeing that makes you think otherwise?



Thanks again,
Jo

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux