[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] [PATCH] 751 dogtag replication



On Thu, 2011-03-10 at 00:10 -0500, Rob Crittenden wrote:
> The replication between dogtag servers wasn't using TLS or SSL. This 
> uses a new option to pkisilent to create replication agreements that use 
> TLS.
> 
> The SSL cert we will use is the same as the main 389-ds instance via 
> symbolic link.
> 
> I tested with --selfsign, with dogtag and with dogtag signed by an 
> external CA.
> 
> ticket 1060
> 
> rob

ACK.

The patch looks OK. I tested the installation process on both F-14 and
F-15 (IPA with dogtag + replica, self-signed IPA + replica, IPA with
external CA + replica) and the replication was OK.

There were some issues during the testing, but they were found
irrelevant in our IRC discussion. I am opening a ticket right now to
increase a stability of IPA installation (after the DS restart, wait
until the ports are open - then do the ldapmodify commands).

Martin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]