Omar Al-Tabari wrote:
Both the provider and the consumer work fine independently; they both use TLS and have clients configured to use them, but now one of them must become a slave to the other and use Syncrepl to take the changes that the master provides.
But since both are using different certificates, I don't know how they are going to communicate with their clients, since to use TLS you must create a CA certificate with the FQDN of the server, so both have different FQDNs and hence different certificates.
Yes. The updatedn is a rather pointless setting, it has been removed in OpenLDAP 2.3. (But it is still needed in 2.2.)

Lee Jensen wrote:
>> and the binddn "slave_reader" has the bind password in the slapd.conf, but the updatedn doesn't, so how is it going to bind and update?
I wondered this myself. I assume that because syncrepl actually runs inside the server daemon and the updatedn is configured from within the slapd.conf it's considered safe. So the syncrepl part of the daemon just uses that as the dn which is making mods for internal calls to check permissions to modify objects.
-- 
Howard Chu
Chief Architect, Symas Corp.  Director, Highland Sun
http://www.symas.com  http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
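As an added illustration of the setup discussed in this thread (not configuration from any of the posters), here is a minimal provider/consumer pair in OpenLDAP 2.3-style slapd.conf syntax: each server keeps the certificate issued for its own FQDN, and the consumer only needs to trust the CA that signed the provider's certificate, because in the syncrepl connection the consumer is just another TLS client of the provider. Hostnames, file paths, the suffix and the password are assumed placeholders; the "slave_reader" bind DN comes from the thread.

```conf
# ---- Provider (master) slapd.conf ----
# The provider's certificate must match the FQDN clients (and the consumer)
# use to reach it, i.e. the host in the consumer's provider= URL below.
TLSCACertificateFile   /etc/openldap/certs/ca.pem         # CA that signed both servers' certs (assumed)
TLSCertificateFile     /etc/openldap/certs/provider.pem   # CN = provider.example.com (assumed)
TLSCertificateKeyFile  /etc/openldap/certs/provider.key

database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
# Replication identity: a read-only account, deliberately not the rootdn,
# so a compromised consumer cannot write to the master.
access to *
    by dn.exact="cn=slave_reader,dc=example,dc=com" read
    by * break
overlay syncprov
syncprov-checkpoint 100 10

# ---- Consumer (slave) slapd.conf ----
# The consumer's OWN certificate, for its OWN FQDN; its clients keep working
# unchanged. Trusting the shared CA lets it verify the provider's certificate.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/consumer.pem   # CN = consumer.example.com (assumed)
TLSCertificateKeyFile  /etc/openldap/certs/consumer.key

database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
syncrepl  rid=001
          provider=ldap://provider.example.com
          type=refreshAndPersist
          retry="60 +"
          searchbase="dc=example,dc=com"
          bindmethod=simple
          binddn="cn=slave_reader,dc=example,dc=com"
          credentials=slave_reader_password   # stored in cleartext: keep slapd.conf mode 0600
          starttls=critical                   # refuse to replicate unless TLS is negotiated
# Incoming changes are applied by the consumer itself; with 2.3 syntax no
# updatedn is needed, as Howard notes above. Writes from clients are referred
# back to the master.
updateref ldap://provider.example.com
```

Whether the consumer actually rejects a provider certificate that fails to verify is governed by the client-library TLS_REQCERT setting in ldap.conf (default "demand"); leave it at demand so a forged or expired provider certificate breaks replication loudly instead of silently.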