[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: N-way multi master configuration issue

On Tuesday, 30 August 2011 20:15:35 Naga Chaitanya Palle wrote:
> Hi,
> I was able to get the syncronization working between 2 providers.
> I had to remove data on both the servers and start from beginning.
> It worked.
> Now i am facing another issue.
> In case of single provider-client configuration, fot tls, i used to
> generate certificate on server and copy the same certificate to client for
> encrypted communication between provider and client.

This is not the way things are intended to be done, for any SSL-based client-
server protocol. If you had multiple servers and multiple clients, this 
approach would require you to update the "CA certificate" on each client each 
time you added/update (a cert) an LDAP server.

If you go back to the more common SSL cases, does every user update a list of 
CA certificates every time a new web site adds/updates an SSL certificate?

In short, please go and read about CA certificates, very little of this is 
specific to OpenLDAP or multi-master.