Thank you for your hint.
I did read the suggested documentation before asking for assistance, but
did not understand it at that time.
In the end I used simple authentication over TLS/SSL.
Regards,
Mitja
Rich Megginson wrote:
Mitja Mihelič wrote:
Hi!
I am trying to get replication to work over SSL, but I seem to be
missing something...
To make a long story short: single-master and multi-master
replication without SSL works without a problem.
I have created two Directory servers via the Management Console, one
called master (supplier) and one called replica (consumer).
I have issued a certificate request via the management console for
the supplier and consumer.
Both were signed by a test CA and imported into the corresponding
server's certificate store.
Now, what exactly must I do, to correctly map the certificates and
make them talk to each other ?
I have read the documentation, but I just don't understand how to
make it work.
The following dn is used for replication:
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword: replicate
passwordExpirationTime: 20380119031407Z
Greetings,
Mitja
Read the following lines if you wish to know how I have it set up
what I have done to set up non-SSL replication:
The Directory server instances are using their own ports (supplier:
30389/30636 and consumer: 40389/40636 respectively).
I have inserted a replication user into the dse.ldif files in both
the supplier and the consumer as specified in the documentation.
The supplier has been populated with test entries, enabled the
changelog and replication of the relevant database.
The consumer has been set up accordingly.
I have created an appropriate replication agreement and initialized
the consumer.
All entries replicated as expected and the replica was updating
successfully.
If you want to use simple authentication using your replication
manager user, but you want the connection to be secure with TLS/SSL,
start here -
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Replication_over_SSL.html
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
------------------------------------------------------------------------
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
