bwellsnc wrote:
I have been over the documentation and all documentation states that
replication happens over port 7389.  This is incorrect.  It is happening
over 389.  I have a need for replication to operate over 7389 because I
have a remote server that is located in a datacenter to which I have no
vpn/p2p access.  Is there a way to set the replication port in IPA?

The documentation is a little unclear, I agree. It is trying to say that IF you want a CA on the replica then you'll need port 7389 (and a few others) opened in the firewall.

Changing the port would require reconfiguring 389-ds to listen on another port (or an additional port) and configuring replication over that port. We don't provide the ability to configure ports, so you'd need to make code changes.

If the concern is lack of security, we initially (during ipa-replica-install) configure it to use startTLS over 389. Once the server is up we reconfigure the agreement to use GSSAPI, so the data is always encrypted. For the case of the CA, it always uses startTLS on port 7389.
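As an added example (not part of the original thread, and not FreeIPA's own tooling), here is a small POSIX shell script that reads the replication agreement entries out of 389-ds's cn=config and reports, per agreement, the peer host, the port, the transport (nsDS5ReplicaTransportInfo) and the bind method (nsDS5ReplicaBindMethod), so you can check for yourself which port each agreement actually uses and whether it is protected by TLS or by the GSSAPI layer the reply describes. By default it parses a constructed sample LDIF standing in for the combined output of the main instance (port 389) and the CA's instance (port 7389); the hostnames, DNs and the third "cleartext" agreement are placeholders made up for the example. The live_agreements helper runs a real ldapsearch and is assumed to be pointed at a server where you can bind as Directory Manager.

```shell
#!/bin/sh
# Audit 389-ds replication agreements: which peer, port, transport and bind
# method each one uses. Added example; not from the original thread.

# Constructed sample standing in for what
#   ldapsearch -LLL -b "cn=mapping tree,cn=config" "(objectClass=nsds5replicationagreement)" ...
# might return from the main DS instance (first entry) and from the CA's
# instance on 7389 (second entry). The third entry is a made-up bad case.
SAMPLE_LDIF='dn: cn=meToreplica.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: meToreplica.example.com
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SASL/GSSAPI

dn: cn=masterAgreement1-replica.example.com-pki-ca,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: masterAgreement1-replica.example.com-pki-ca
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 7389
nsDS5ReplicaTransportInfo: TLS
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-replica.example.com-pki-ca,ou=csusers,cn=config

dn: cn=meTobadhost.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: meTobadhost.example.com
nsDS5ReplicaHost: badhost.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
'

# Read LDIF on stdin, print one line per agreement:
#   host port transport bind-method status
# status is encrypted(tls) for a TLS/SSL transport, encrypted(gssapi) for a
# plain LDAP transport protected by the GSSAPI SASL layer, CLEARTEXT otherwise.
summarize_agreements() {
    awk '
    function emit(line,   k, v) {
        if (line == "") return
        k = line; sub(/:.*/, "", k)            # attribute name
        v = line; sub(/^[^:]*: */, "", v)      # attribute value
        a[tolower(k)] = v
    }
    function flush(   host, port, transport, bind, status) {
        if (!("nsds5replicahost" in a)) { split("", a); return }
        host = a["nsds5replicahost"]
        port = a["nsds5replicaport"]
        transport = toupper(a["nsds5replicatransportinfo"])
        if (transport == "") transport = "LDAP"   # 389-ds default when unset
        bind = toupper(a["nsds5replicabindmethod"])
        if (transport == "TLS" || transport == "SSL") status = "encrypted(tls)"
        else if (bind ~ /GSSAPI/) status = "encrypted(gssapi)"
        else status = "CLEARTEXT"
        printf "%s %s %s %s %s\n", host, port, transport, bind, status
        split("", a)
    }
    /^ /  { buf = buf substr($0, 2); next }      # unwrap LDIF continuation lines
    /^$/  { emit(buf); buf = ""; flush(); next } # blank line ends an entry
          { emit(buf); buf = $0 }
    END   { emit(buf); flush() }
    '
}

# Number of agreements that are neither TLS-wrapped nor GSSAPI-protected.
count_cleartext() {
    summarize_agreements | awk '/ CLEARTEXT$/ { n++ } END { print n + 0 }'
}

# Live query (not exercised by the sample). $1 is the LDAP URI of the
# instance to inspect, e.g. ldap://localhost:389 for the main instance or
# ldap://localhost:7389 for the CA instance; it prompts for the
# Directory Manager password.
live_agreements() {
    ldapsearch -LLL -x -H "$1" -D "cn=Directory Manager" -W \
        -b "cn=mapping tree,cn=config" \
        "(objectClass=nsds5replicationagreement)" \
        nsDS5ReplicaHost nsDS5ReplicaPort nsDS5ReplicaTransportInfo nsDS5ReplicaBindMethod
}

# Usage: ./agreements.sh [saved.ldif]; with no argument the sample is used.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    summarize_agreements < "$1"
else
    printf '%s' "$SAMPLE_LDIF" | summarize_agreements
fi
```

To audit a real master, pipe `live_agreements ldap://localhost:389 | summarize_agreements` and repeat against port 7389 where a CA instance exists; an agreement reported as CLEARTEXT is the condition the reply says IPA avoids, since it switches the main agreement to GSSAPI once the replica is up.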


