
the supplier's certificate is only capable of behaving as a server certificate, and not also as a client certificate, during an SSL handshake. Replication with certificate-based authentication uses the Directory Server's own server certificate to authenticate to the remote server, so that certificate must be usable on the client side of the SSL handshake as well.

When the servers are configured to use SSL, configure an SSL connection for replication in the Replication Agreement Wizard. The Source and Destination page of the wizard sets how the supplier binds to the consumer, and this is where SSL is selected.

There are two ways to use SSL for replication:

Select SSL Client Authentication.

With SSL client authentication, the supplier and consumer servers use certificates to authenticate to each other.

Select Simple Authentication.

With simple authentication, the supplier binds to the consumer with a bind DN and password, which are entered in the text fields of the Replication Agreement Wizard. Simple authentication takes place over the SSL-encrypted channel, so the password is protected in transit, but no client certificate is used: the consumer is authenticated only by its server certificate in the SSL handshake, and the supplier only by the password.

Once a replication agreement is created, its connection type (SSL or non-SSL) cannot be changed, because LDAP and LDAPS connections use different ports. To change the connection type, delete the agreement and re-create it with the new connection type.

Also, the consumer port shown in the Console is the non-SSL port, even when that Directory Server instance is configured to run over SSL. This port number is used only to identify the Directory Server instance in the Console; it does not determine the port or protocol actually used for replication.
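Because the Console shows only an identifying port, the reliable place to check which transport and bind method an agreement really uses is the nsDS5ReplicationAgreement entry itself under cn=config. The following audit is an added example, not code from the Red Hat Directory Server manual: it parses agreement entries in LDIF form (as an ldapsearch of cn=config would return them) and flags agreements that send the replication manager's password in the clear, or that select SSL client authentication without an SSL transport. The attribute names (nsDS5ReplicaTransportInfo, nsDS5ReplicaBindMethod, nsDS5ReplicaPort, nsDS5ReplicaBindDN) are the real agreement attributes; the three sample agreements, their hostnames and the bind DN are constructed for the example.

```python
"""Audit the transport and bind method of Directory Server replication agreements.

Added example, not code from the Red Hat Directory Server manual. Reads
nsDS5ReplicationAgreement entries in LDIF and reports which ones use SSL
client authentication, simple authentication over SSL, or simple
authentication over plain LDAP (password in the clear).
"""
import base64
from typing import Dict, List

Entry = Dict[str, List[str]]

# Constructed sample: three agreements on one supplier (not from the manual).
SAMPLE_LDIF = """\
dn: cn=to-consumer1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: to-consumer1
nsDS5ReplicaHost: consumer1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH
nsDS5ReplicaRoot: dc=example,dc=com

dn: cn=to-consumer2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: to-consumer2
nsDS5ReplicaHost: consumer2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaBindDN:: Y249cmVwbGljYXRpb24gbWFuYWdlcixjbj1jb25maWc=
nsDS5ReplicaRoot: dc=example,dc=com

dn: cn=netscaperoot-to-consumer1,cn=replica,cn="o=NetscapeRoot",
 cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: netscaperoot-to-consumer1
nsDS5ReplicaHost: consumer1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaRoot: o=NetscapeRoot
"""

# Transport values that encrypt the connection; anything else is cleartext LDAP.
ENCRYPTED_TRANSPORTS = {"SSL", "TLS"}


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines (a leading space) onto the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF parser: one dict per entry, attribute names lower-cased,
    '::' values base64-decoded. Enough for cn=config exports."""
    entries: List[Entry] = []
    entry: Entry = {}
    for line in unfold(text):
        if not line.strip():
            if entry:
                entries.append(entry)
                entry = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    if entry:
        entries.append(entry)
    return entries


def audit_agreements(entries: List[Entry]) -> Dict[str, Dict[str, str]]:
    """Classify every nsDS5ReplicationAgreement entry.

    status 'ok'     : certificate auth over SSL, or simple bind over SSL/TLS
    status 'weak'   : simple bind over plain LDAP, password crosses the wire in clear
    status 'broken' : SSLCLIENTAUTH selected without an SSL transport; no client
                      certificate can be presented without an SSL handshake
    """
    findings: Dict[str, Dict[str, str]] = {}
    for e in entries:
        if "nsds5replicationagreement" not in {c.lower() for c in e.get("objectclass", [])}:
            continue
        # An absent nsDS5ReplicaTransportInfo means plain LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
        encrypted = transport in ENCRYPTED_TRANSPORTS
        if method == "SSLCLIENTAUTH":
            status, reason = ("ok", "certificate auth over SSL") if encrypted else \
                ("broken", "SSLCLIENTAUTH requires an SSL transport")
        elif method == "SIMPLE":
            status, reason = ("ok", "simple bind over encrypted channel") if encrypted else \
                ("weak", "bind password sent in clear over LDAP")
        else:
            status, reason = "unknown", f"unrecognised bind method {method}"
        findings[e["cn"][0]] = {
            "host": e.get("nsds5replicahost", ["?"])[0],
            "port": e.get("nsds5replicaport", ["?"])[0],  # port actually used
            "transport": transport,
            "method": method,
            "status": status,
            "reason": reason,
        }
    return findings


if __name__ == "__main__":
    for cn, f in audit_agreements(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{f['status']:7} {cn}: {f['host']}:{f['port']} "
              f"{f['transport']}/{f['method']} ({f['reason']})")
```

Run it against a real export by replacing SAMPLE_LDIF with the output of an ldapsearch for objectClass=nsDS5ReplicationAgreement under cn=config; the 'weak' agreements are the ones to delete and re-create over SSL, since the transport of an existing agreement cannot be changed in place.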

14. Replicating o=NetscapeRoot for Administration Server Failover

Replication usually occurs between Directory Server user databases to distribute directory data, but it is also possible to use replication to provide failover support for the Administration Server database, o=NetscapeRoot.

1. Install and configure the first Directory Server instance.

The setup-ds-admin.pl script has a -f option that takes an .inf file. The .inf file can import LDIF files through its ConfigFile parameter, and the LDIF files can create

HP-UX Red Hat Directory Server software manual