I've set up MMR without certificates before. I'm just confused with different
documentation telling me different things. My setup is 2 servers, both with their own CA
certificates, talking to each other "multi-master."
A couple questions I have:
1. Is each server allowed to have its own self-signed CA and still be able to do
replication?
2. If they are supposed to have the same CA, I understand. Documents have told me to
create a CA certificate and then pass that CA cert to the other server? I keep running
into issues because the serial numbers of the two certs match.
Thanks for the documentation so far.
I hope this will solve my issue :)
R
From: Justin Edmands <shockwavecs@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Date: Thursday, March 6, 2014 5:19 PM
To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Subject: Re: [389-users] Multimaster Replication with 389
I will second the motion of forwarding to documentation here. It appears you have a lot of
the same questions that I had when setting up my environment. It will all come to fruition
after stepping through it slowly. This is not something to piece together if being used
for your production environment. You'll miss something important and have to deal with
it eventually. If this is a project for your job that needs to be rushed along, explain
that setting it up correctly in 1 day is not really going to happen. That being said, your
Google searches will land you in fedoraproject and redhat docs. Both are usable and will
get you where you want to be. After it is set up correctly, the replication is super simple in
the DS interface.
On Thu, Mar 6, 2014 at 4:38 PM, Vincent Gerris
<vgerris@gmail.com> wrote:
I did this based on a chef recipe which I do not have here.
A start can be found here:
https://www.youtube.com/watch?v=M2dUHOfaqe4
and here:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Serv...
and here:
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
Just read the documentation and you should be able to figure it out.
Some notes I remember:
- to connect to replication host I used port 389 and TLS
- when register 1 to 2 initialise, do not do it vice versa
You can use corosync/pacemaker if you want to add load balancing.
Good luck!
On Thu, Mar 6, 2014 at 8:59 PM, Chaudhari, Rohit K.
<Rohit.Chaudhari@jhuapl.edu> wrote:
Hello,
How do I do multi-master replication on 389DS with two TLS/SSL enabled servers?
Thanks,
R
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users