[Fedora-directory-users] replication: edit agreements, and tls?
David Boreham
david_list at boreham.org
Tue Jun 28 01:32:58 UTC 2005
>A limitation on the server side is that a replication agreement's target
>host, port and connection type can't be modified while the server is
>running - DSA unwilling to perform. It has to be recreated or possibly
>edited in offline mode. Maybe this could use some enhancement (followed
>by Console unenhancement), but I'd rank replication StartTLS support
>higher on the nice-to-have list.
>
>
Changing the connection properties while the server is up is likely
to take a long time to completely debug. That's because the replication
connection
management state machine code is rather complicated and hard to modify.
However, adding support for start tls is quite easy.
If you feel like it you can always take the server down and
edit the replication agreement directly. But hey, replication
agreements are created approximately never (like a few times
when you're figuring out how the thing works, then once or
twice when you deploy). So making the process silky-smooth
for some even yet more uncommon corner case like
changing from non-ssl to ssl seems like not a great use
of limited programming and testing time (IMHO).
More information about the Fedora-directory-users
mailing list