Re: N-way multi master configuration issue
On Tuesday, 30 August 2011 20:15:35 Naga Chaitanya Palle wrote:
> I was able to get the synchronization working between 2 providers.
> I had to remove data on both the servers and start from beginning.
> It worked.
> Now I am facing another issue.
> In case of single provider-client configuration, for TLS, I used to
> generate certificate on server and copy the same certificate to client for
> encrypted communication between provider and client.
This is not the way things are intended to be done, for any SSL-based client-
server protocol. If you had multiple servers and multiple clients, this
approach would require you to update the "CA certificate" on each client each
time you added/updated (a cert) an LDAP server.
If you go back to the more common SSL cases, does every user update a list of
CA certificates every time a new web site adds/updates an SSL certificate?
In short, please go and read about CA certificates; very little of this is
specific to OpenLDAP or multi-master.
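
The point made in the reply above, as an added example that is not part of the original message: with the `openssl` command-line tool, one CA signs the certificate of every LDAP server, and the client needs only the CA certificate to verify all of them. The host names, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host names and file names are constructed for illustration.

make_ca() {        # $1 = work dir; creates ca.key / ca.pem (the trust anchor)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {     # $1 = work dir, $2 = server name; certificate signed by the CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/ca.pem" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/$2.pem" 2>/dev/null
}

self_signed() {    # $1 = work dir, $2 = server name; the per-server approach
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

trusts() {         # $1 = file the client trusts, $2 = certificate a server presents
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" ldap1.example.com &&
        issue_cert "$d" ldap2.example.com || return 1
    # The client holds only ca.pem (what ldap.conf's TLS_CACERT would point at).
    for s in ldap1 ldap2; do
        trusts "$d/ca.pem" "$d/$s.example.com.pem" &&
            echo "ca.pem verifies $s" || echo "ca.pem rejects $s"
    done
    # Copying one server's self-signed certificate does not cover the next server.
    self_signed "$d" old1.example.com && self_signed "$d" old2.example.com || return 1
    trusts "$d/old1.example.com.pem" "$d/old2.example.com.pem" &&
        echo "old1 cert verifies old2" || echo "old1 cert rejects old2"
    rm -rf "$d"
}

demo
```

Adding a third provider means one more `issue_cert` call on the CA host; nothing changes on the clients.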