<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Set up replication over a secure connection</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahyrepsecure"></a>
<h3 id="rzahyrepsecure">Set up replication over a secure connection</h3>
<p>Replication over SSL should be set up in stages so that you can verify
everything as you go through the process.</p>
<p>Before attempting to configure replication over a secure connection, you
should complete the following tasks (in any order):</p>
<ul>
<li>Configure replication over a non-secure connection.</li>
<li>Configure the consumer server to accept secure connections over the secure
port. Verify that a client can use a secure connection to the consumer server,
for example, by using the ldapsearch utility. If you want a supplier server
to use a certificate for authentication, such as SASL external bind over SSL,
you should first set up server authentication and then client and server authentication,
where the "server" is the consumer server and the client is the supplier server.
<a name="wq285"></a>
<div class="notetitle" id="wq285">Note:</div>
<div class="notebody">When the server is configured to use client and server authentication,
all clients using SSL are required to have a client certificate.</div></li>
<li>Configure the supplier server to trust the certificate authority that
issued the consumer's certificate.</li></ul>
<p></p>
<ol type="1">
<li>In the Web administration tool, click <span class="bold">Manage
topology</span> under the <span class="bold">Replication management</span> category.</li>
<li>Choose one of the existing agreements that you want to make secure.</li>
<li>Choose <span class="bold">Edit agreement...</span> and select to
use SSL, making sure to use the correct port number. 636 is the standard secure
port number.</li>
<li>Verify that replication over the agreement is working properly.</li></ol>
<p>If you are only trying to set up replication to authenticate using a DN
and a password over a secure connection, the preceding steps have done this
for you. Authentication using a client certificate requires a different credentials
object to be used by the supplier server in its agreement, as well as configuring
the consumer server to accept that certificate as a supplier server.</p><img src="deltaend.gif" alt="End of change" />
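<p>As an added example (not part of the original IBM documentation), the following Python script runs the prerequisite checks from the supplier's point of view before an agreement is switched to SSL: it connects to the consumer's secure port and validates the consumer's certificate against a CA file. It uses a plain TLS handshake rather than the ldapsearch utility, so it checks the listener and the trust chain but not LDAP binds; the function names, status strings, PEM file inputs and command-line arguments are assumptions made for this example.</p>

```python
"""Added example: pre-flight TLS check of a consumer's secure LDAP port."""
import socket
import ssl
import sys


def supplier_tls_context(ca_file=None, client_cert=None, client_key=None):
    """Build a TLS context for the checks.

    ca_file: PEM file with the CA that issued the consumer's certificate
             (assumption: exported from the supplier's key database).
             When given, only that CA is trusted; otherwise system defaults.
    client_cert/client_key: optional PEM pair, for a consumer configured
             for client and server authentication.
    """
    # Chain and host name verification are both enabled by default here.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def check_consumer(host, port=636, ctx=None, timeout=5.0):
    """Return a dict whose 'status' maps to one prerequisite on this page."""
    ctx = ctx or supplier_tls_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Secure port not listening, filtered, or wrong port number.
        return {"status": "unreachable", "detail": str(exc)}
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"status": "ok", "protocol": tls.version(),
                    "issuer": cert.get("issuer"),
                    "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        # The issuing CA is not trusted, or the name does not match.
        return {"status": "untrusted", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Any other handshake failure.
        return {"status": "tls_failed", "detail": str(exc)}


if __name__ == "__main__":
    # Usage: python check_consumer.py HOST [CA_FILE]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_consumer(sys.argv[1], ctx=supplier_tls_context(ca)))
```

<p>A status of "untrusted" points at the supplier's CA trust, and "unreachable" at the consumer's secure port configuration or the port number in the agreement.</p>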
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>