On Tuesday, 30 August 2011 20:15:35 Naga Chaitanya Palle wrote:
I was able to get the synchronization working between 2 providers.
I had to remove data on both the servers and start from the beginning.
Now I am facing another issue.
In case of single provider-client configuration, for TLS, I used to
generate a certificate on the server and copy the same certificate to the client for
encrypted communication between provider and client.
This is not the way things are intended to be done, for any SSL-based
client-server protocol. If you had multiple servers and multiple clients, this
approach would require you to update the "CA certificate" on each client each
time you added/updated (a cert on) an LDAP server.
If you go back to the more common SSL cases, does every user update a list of
CA certificates every time a new web site adds/updates an SSL certificate?
In short, please go and read about CA certificates; very little of this is
specific to OpenLDAP or multi-master.