[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap slave master relationship

--On Thursday, March 17, 2005 5:55 PM +0200 Omar Al-Tabari <otabari@batelco.jo> wrote:

both the provider and the consumer work fine independently, they both use
TLS and have clients configured to use them, but now one of them must
become a slave to the other and use Syncrepl to take the changes that the
master provides.
but since both are using different certificates i dont know how are they
gona communicate with their clients, since to use TLS you must create a
CA certificate with the FQDN of the server, so both have different FQDN
and hence different certificates.
I'll provide a full debug list when i get the chance.
thanks for the help already provided, and please can you provide some
kindest regards.

You should only have one CA cert, that signs the client certs of the respective servers. There is no need to have multiple CA certs.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html