On lun, 2006-04-03 at 14:18 -0700, George Holbert wrote:
> Uhm...I can try, but in that case, is it possible that I've
a problem
> with replication ?
I don't think so. I've noticed that replication agreements over SSL
don't seem to care about hostname / CN matching, although they do check
that the CA is trusted. If I have the wrong impression on this, someone
please say so :).
In your replication agreements, you'd still want to use the
'nodo1.domain.example.com' or 'nodo2.domain.example.com' names, as
'ldap.domain.example.com' would obviously not be specific enough.
today I tried to issue 2 server certs using the same CA...using the same
CN...I can make correctly the certs and in Manage Certificate I can see
both server certs with the same name...but when I try to establish ssl
encryption between servers:
NSMMReplicationPlugin -agmt="cn="Replication to
nodo1.domain.example.com""(nodo1:636): Simple bind failed, LDAP sdk
error 81 (Can't contact LDAP server), Netscape Portable Runtime error-
12276 (Unable to communicate securely with peer: requested domain name
does not match the server's certificate.)
Is there someone that use two server Fedora DS to authenticate clients?
Even if I can browse in clear mode FDS both on nodo1 and nodo2...in
encrypt mode only one can certificate my clients?
alex