Re: ldap slave master relationship

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, March 17, 2005 5:55 PM +0200 Omar Al-Tabari 
<otabari@batelco.jo> wrote:

> both the provider and the consumer work fine independently, they both use
> TLS and have clients configured to use them, but now one of them must
> become a slave to the other and use Syncrepl to take the changes that the
> master provides.
> but since both are using different certificates i dont know how are they
> gona communicate with their clients, since to use TLS you must create a
> CA certificate with the FQDN of the server, so both have different FQDN
> and hence different certificates.
> I'll provide a full debug list when i get the chance.
> thanks for the help already provided, and please can you provide some
> more.
> kindest regards.

You should only have one CA cert, that signs the client certs of the 
respective servers.  There is no need to have multiple CA certs.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html