On Tuesday, 30 August 2011 20:15:35 Naga Chaitanya Palle wrote:
Hi,
I was able to get the synchronization working between 2 providers. I had to remove data on both the servers and start from the beginning. It worked.
Now I am facing another issue. In the case of a single provider-client configuration, for TLS, I used to generate a certificate on the server and copy the same certificate to the client for encrypted communication between provider and client.
This is not the way things are intended to be done, for any SSL-based client-server protocol. If you had multiple servers and multiple clients, this approach would require you to update the "CA certificate" on each client each time you added/updated (a cert) an LDAP server.
If you go back to the more common SSL cases, does every user update a list of CA certificates every time a new web site adds/updates an SSL certificate?
In short, please go and read about CA certificates; very little of this is specific to OpenLDAP or multi-master.
Regards, Buchan
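
The point made in the reply above, as an added example that is not part of the original thread: one private CA signs each provider's certificate, and a client that holds only the CA certificate accepts every provider it signed while rejecting a standalone self-signed one. The host names, the CA name and the file layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: one private CA signs the certificate of every LDAP provider,
# so clients only ever need ca.pem. Host names and CA name are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {
    # Self-signed root: the only file that is distributed to clients.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_cert() {
    # $1 = provider host name. Key and CSR are created per server,
    # then the CSR is signed with the CA key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.pem" 2>/dev/null
}

self_signed() {
    # The approach from the question: a standalone certificate per server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

client_trusts() {
    # Decision of a client that holds nothing but ca.pem (chain check only).
    if openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
    then echo trusted; else echo rejected; fi
}

make_ca
issue_cert ldap1.example.com      # first provider
issue_cert ldap2.example.com      # provider added later: no client change
self_signed ldap3.example.com     # never signed by the CA
for h in ldap1 ldap2 ldap3; do
    echo "$h.example.com: $(client_trusts "$h.example.com")"
done
```

Only the chain of trust is checked here; a real LDAP client additionally compares the host name it connected to against the name in the server certificate.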