Replication Over Ssl - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Replication over SSL

If you want the update operation to occur over an SSL connection, you must
modify the
and values. For more information on the
"Managing Entries from the Command-Line," on page 55, and Red Hat Directory
Server Configuration, Command, and File Reference.
Replication over SSL
You can configure Directory Servers involved in replication so that all replication
operations occur over an SSL connection.
To use replication over SSL, you must first do the following:
• Configure both your supplier and consumer servers to use SSL.
• Configure your consumer server to recognize your supplier server's
certificate as the supplier DN. You do this only if you want to use SSL client
authentication rather than simple authentication.
These procedures are described in chapter 11, "Managing SSL and SASL."
NOTE
When your servers are configured to use SSL, you can ensure replication
operations occur over SSL connections by using the Replication Agreement
Wizard, which enables you to set up a replication agreement between two
Directory Servers. Keep in mind that once you create a replication agreement, you
cannot change the connection type (SSL or nonSSL) defined in the agreement; this
is because LDAP and LDAPS connections use different ports. To change the
connection type, you must re-create the replication agreement.
NOTE
354 Red Hat Directory Server Administrator's Guide • May 2005
command in the script with the appropriate parameters
ldapmodify
Replication configured over SSL with certificate-based
authentication will fail in the following cases:
• If the supplier's certificate is a self-signed certificate.
• If the supplier's certificate is only capable of behaving as an SSL
server certificate, meaning it is unable to play the role of the
client during an SSL handshake.
If you have enabled attribute encryption, you must use a secure
connection for replication.
command, refer to
ldapmodify