Chapter 8. Managing Replication
290
• Select
SSL Client Authentication
.
With SSL client authentication, the supplier and consumer servers use certificates to authenticate to
each other.
• Select
Simple Authentication
.
With simple authentication, the supplier and consumer servers use a bind DN and password to
authenticate to each other, which are supplied in the
Replication Agreement Wizard
text fields
provided. Simple authentication takes place over a secure channel but without certificates.
Once a replication agreement is created, the connection type (SSL or non SSL) cannot be changed in
the agreement because LDAP and LDAPS connections use different ports. To change the connection
type, re-create the replication agreement.
Also, the port listed for the consumer is the non-SSL port, even if the Directory Server instance is
configured to run over SSL. This port number is used only for identification of the Directory Server
instance in the Console; it does not specify the actual port number or protocol that is used for
replication.
8.14. Replicating o=NetscapeRoot for Administration
Server Failover
Replication usually occurs between Directory Server user databases to distribute directory data, but it
is also possible to use replication to provide failover support for the Administration Server database,
o=NetscapeRoot
.
1. Install and configure the first Directory Server instance.
The
setup-ds-admin.pl
script has an option,
-f
, which references an
inf
. The
inf
can
be used to import LDIF files through the
ConfigFile
parameter, and the LDIF files can create
databases, suffixes, and replication entries. (The
inf
file is described in more detail in the
Directory Server Installation Guide
.)
/usr/sbin/setup-ds-admin.pl -f /tmp/server1.inf
To configure the
o=NetscapeRoot
database on
server1
as a multi-master supplier replica, use
the following statements in the
inf
file:
[slapd]
...
ConfigFile = repluser.ldif
Example 8.1, “Example Supplier Bind DN Entry”
ConfigFile = changelog.ldif
Example 8.2, “Example Changelog Entry”
ConfigFile = replica.ldif
Example 8.3, “Example Supplier Replica Entry”
ConfigFile = replagreement.ldif
Example 8.4, “Example Replication Agreement Entry”
...
2. Install and configure the second Directory Server instance. For the second server,
server2.example.com
, use the
setup-ds.pl
command, which installs a Directory Server
instance without installing a local Administration Server.
/usr/sbin/setup-ds.pl -f /tmp/server2.inf
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...