I've set up MMR without certificates before. I'm just confused with different documentation telling me different things. My setup is 2 servers, both with their own CA certificates, talking to each other "multi-master."

A couple questions I have:

1. Is each server allowed to have its own self-signed CA and still be able to do replication?
2. If they are supposed to have the same CA, I understand. Documents have told me to create a CA certificate and then pass that CA cert to the other server? I keep running into issues because the serial numbers of the two certs match.

Thanks for the documentation so far. I hope this will solve my issue :)

R

From: Justin Edmands <[email protected]>
Reply-To: "General discussion list for the 389 Directory server project." <[email protected]>
Date: Thursday, March 6, 2014 5:19 PM
To: "General discussion list for the 389 Directory server project." <[email protected]>
Subject: Re: [389-users] Multimaster Replication with 389

I will second the motion of forwarding to documentation here. It appears you have a lot of the same questions that I had when setting up my environment. It will all come to fruition after stepping through it slowly. This is not something to piece together if being used for your production environment. You'll miss something important and have to deal with it eventually. If this is a project for your job that needs to be rushed along, explain that setting it up correctly in 1 day is not really going to happen.

That being said, your Google searches will land you in fedoraproject and redhat docs. Both are usable and will get you where you want to be. After setup correctly, the replication is super simple in the DS interface.

On Thu, Mar 6, 2014 at 4:38 PM, Vincent Gerris <[email protected]> wrote:

I did this based on a Chef recipe which I do not have here.
A start can be found here: https://www.youtube.com/watch?v=M2dUHOfaqe4
and here: https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html
and here: http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL

Just read the documentation and you should be able to figure it out.

Some notes I remember:
- to connect to replication host I used port 389 and TLS
- when register 1 to 2 initialise, do not do it vice versa

You can use corosync/pacemaker if you want to add load balancing.
Good luck!

On Thu, Mar 6, 2014 at 8:59 PM, Chaudhari, Rohit K. <[email protected]> wrote:

Hello,

How do I do multi-master replication on 389DS with two TLS/SSL enabled servers?

Thanks,
R

--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
