Monday, June 23, 2014

Re: [389-users] changing replication to use ssl

On 06/23/2014 02:43 PM, Elizabeth Jones wrote:
>> We currently have 4 way multi-master replication running over port 389 but
>> I need to secure it. In looking at what we have now, it looks to me like
>> I can't edit the existing replication agreements but will have to make all
>> new replication agreements - is this correct?

You should be able to edit the existing agreements - what makes you
think you cannot?

>> I was looking at this doc
>> to make sure I'm doing everything right and saw the highlighted note that
>> says "Replication will not begin until the consumer is initialized". Do I
>> need to initialize all of my ldap servers again, if they were in sync from
>> the existing agreements?

No. Using plain LDAP/SSL/TLS/whatever for authentication/transport
makes no difference.

> It would be so awesome if I could read - farther down the page it
> explicitly says that I do need to create new replication agreements, no
> editing what is already there.

? I sincerely hope you are not using the version of directory server
that corresponds to that documentation, which appears to be centos-ds 8.0?
What version of directory server are you using?
rpm -q centos-ds-base
rpm -q redhat-ds-base
rpm -q 389-ds-base

> On this note - is there a way to disable the existing replication
> agreement other than completely deleting it?

Yes, depending on what version you are using.

> --
> 389 users mailing list
