Re: SSL Hub replication

Juan Asensio Sánchez wrote:
Hi

I am trying to set up the replication with SSL. I have two buildings, each building has two servers. Each building has its own organization in a separate database. Each organization has the replica enabled. This is a schema of the replication agreements (C1->Center1, S1->Server1, S2->Server2):

C1S1:
- C1 Org.: Multimaster agreement with C1S2 and C2S1
- C2 Org.: Hub agreement with C1S2
C1S2:
- C1 Org.: Multimaster agreement with C1S1 and C2S2
- C2 Org.: Hub agreement with C1S1
C2S1:
- C1 Org.: Hub agreement with C2S2
- C2 Org.: Multimaster agreement with C1S1 and C2S2
C2S2:
- C1 Org.: Hub agreement with C2S1
- C2 Org.: Multimaster agreement with C1S1 and C2S1

Non-SSL connections are disabled in all servers. I can connect with console through SSL, and make requests to the directory server with SSL also. The problem is the replication agreements with the hub agreements. When I try to add a user in the C2 Org. from any server in C1 Org. I get this error:

Cannot save to directory server:
netscape.ldap.LDAPException: Referrral connect failed: failed to connect to server ldap://server11.center1.org.local:389 (91). cannot connect to the LDAP server, Failed to follow referral

It looks like it is trying to connect to the remote server in non-SSL, although I have configured it to make the replication agreements with SSL. This only occurs with hub replicas. With multimaster replicas, the updates are sent fine.

Any idea? Thanks in advance.

Unfortunately the replication code does not know how to send SSL/TLS referrals. Fortunately, you can set your own by using the nsDS5ReplicaReferral attribute in your cn=replica entry on your hubs/consumers:
http://tinyurl.com/35qddb

Note that the doc says "This should only be defined on a consumer." It means hub or consumer (i.e. read-only replicas).
------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
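
The override described in the reply above, as an added example that is not part of the original thread: a small Python helper that builds the LDIF to set nsDS5ReplicaReferral to ldaps:// URLs on a hub or consumer, and flags referral values that would still send clients to a cleartext port. The suffix `o=center2`, the `server2x.center2.org.local` host names, port 636, the quoted form of the replica DN and the inclusion of the suffix in the URL are assumptions for illustration.

```python
from urllib.parse import quote, urlsplit


def replica_dn(suffix):
    # Assumed layout: the cn=replica entry sits under the suffix's mapping tree node.
    return f'cn=replica,cn="{suffix}",cn=mapping tree,cn=config'


def referral_url(host, suffix, port=636):
    # Keep '=' and ',' readable; percent-encode anything else in the DN (spaces, '?').
    return f"ldaps://{host}:{port}/{quote(suffix, safe='=,')}"


def referral_ldif(suffix, master_hosts, port=636):
    """LDIF for ldapmodify, to be applied on each hub/consumer of `suffix`."""
    lines = [
        f"dn: {replica_dn(suffix)}",
        "changetype: modify",
        "replace: nsDS5ReplicaReferral",
    ]
    lines += [f"nsDS5ReplicaReferral: {referral_url(h, suffix, port)}"
              for h in master_hosts]
    return "\n".join(lines) + "\n"


def cleartext_referrals(values):
    """Return the referral URLs that are not ldaps://.

    With non-SSL connections disabled, clients cannot follow these.
    """
    return [v for v in values if urlsplit(v).scheme.lower() != "ldaps"]


if __name__ == "__main__":
    # Constructed sample: the masters of the C2 organization (host names assumed).
    masters = ["server21.center2.org.local", "server22.center2.org.local"]
    print(referral_ldif("o=center2", masters))

    # The referral from the error message in the thread is flagged as cleartext.
    current = ["ldap://server11.center1.org.local:389",
               referral_url(masters[0], "o=center2")]
    for url in cleartext_referrals(current):
        print("cleartext referral:", url)
```
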

