I'm working with the java management console. I created replication manager users as: dn: cn=A.infn.it,cn=config cn: A.infn.it description: CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT objectClass: top objectClass: nshost dn: cn=B.infn.it,cn=config cn: B.infn.it description: CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT objectClass: top objectClass: nshost in my shared/config/certmap.conf i have: certmap default default default:CmapLdapAttr description I tried SSL auth and it works as I can see in the logs: [29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT [29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as cn=A.infn.it,cn=config The changelogs are created with management console, enabling the checkbox in the Replication node of the configuration tab, selecting the default location. Then, under database in the replication node i checked enable replica, and Multiple Master, replication id 1 for A and 2 for B, and in the supplier DN I wrote cn=A.infn.it,cn=config in B and cn=B.infn.it,cn=config in A. Then, right click on database name under Replication, "New Replication Agreement", selecting B node on A with port 636 and checked "Using Encrypted SSL connection" and "SSL Client Authentication". Here I had a problem! There was a pop-up that told me it can't connect to the other fds server, but I thought it was a bug, because I checked with tcpdump and saw no packet sent (I can see it with simple auth). So I clicked to continue and all seems to work well, even the initialization done from A to B, I didn't do it when I created the Agreement from B to A in the same way. I followed the manual at http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#66943 I hope I was clear, sorry for my macaronic english ;-) Thank you so much. Richard Megginson wrote:
Can you describe the exact steps you took e.g. configured and created changelogs on A and B created replication manager user on A and B configured A to be a multi master replica configured B to be a multi master replica created replication agreement from A to B created replication agreement from B to A Did replica init from A to BNote that you should not do a replica init from B to A if you already did one from A to B
-- ___________________________________________________________________ Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214 ___________________________________________________________________ Democracy is two wolves and a lamb voting on what to have for lunch ___________________________________________________________________
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
