Thank you for your hint.
I did read the suggested documentation before asking for assistance, but
did not understand it at that time.
In the end I used simple authentication over TLS/SSL.
Rich Megginson wrote:
Mitja Mihelič wrote:
> I am trying to get replication to work over SSL, but I seem to be
> missing something...
> To make a long story short: single-master and multi-master
> replication without SSL works without a problem.
> I have created two Directory servers via the Management Console, one
> called master (supplier) and one called replica (consumer).
> I have issued a certificate request via the management console for
> the supplier and consumer.
> Both were signed by a test CA and imported into the corresponding
> server's certificate store.
> Now, what exactly must I do, to correctly map the certificates and
> make them talk to each other ?
> I have read the documentation, but I just don't understand how to
> make it work.
> The following dn is used for replication:
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword: replicate
> passwordExpirationTime: 20380119031407Z
> Read the following lines if you wish to know how I have it set up
> what I have done to set up non-SSL replication:
> The Directory server instances are using their own ports (supplier:
> 30389/30636 and consumer: 40389/40636 respectively).
> I have inserted a replication user into the dse.ldif files in both
> the supplier and the consumer as specified in the documentation.
> The supplier has been populated with test entries, enabled the
> changelog and replication of the relevant database.
> The consumer has been set up accordingly.
> I have created an appropriate replication agreement and initialized
> the consumer.
> All entries replicated as expected and the replica was updating
If you want to use simple authentication using your replication
manager user, but you want the connection to be secure with TLS/SSL,
start here -
> 389 users mailing list
389 users mailing list