On Tuesday, 30 August 2011 20:15:35 Naga Chaitanya Palle wrote:
> Hi,
>
> I was able to get the synchronization working between 2 providers.
> I had to remove data on both the servers and start from beginning.
> It worked.
>
> Now I am facing another issue.
> In case of single provider-client configuration, for TLS, I used to
> generate certificate on server and copy the same certificate to client for
> encrypted communication between provider and client.

This is not the way things are intended to be done, for any SSL-based client-server protocol.

If you had multiple servers and multiple clients, this approach would require you to update the "CA certificate" on each client each time you added/updated (a cert for) an LDAP server.

If you go back to the more common SSL cases, does every user update a list of CA certificates every time a new web site adds/updates an SSL certificate?

In short, please go and read about CA certificates; very little of this is specific to OpenLDAP or multi-master.

Regards,
Buchan
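
The contrast drawn in the reply above, as an added example that is not part of the original message: one private CA signs each provider's certificate and clients trust only `ca.crt`, next to the copy-the-server-certificate setup. Host names, file names and the function names are constructed for illustration, and the script assumes the `openssl` CLI with its default configuration file.

```shell
#!/bin/sh
# Constructed demo; host names and file layout are placeholders.
make_ca() {        # $1 = work dir: self-signed CA, created once
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
issue_cert() {     # $1 = work dir, $2 = provider host name: cert signed by the CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}
self_signed() {    # $1 = work dir, $2 = host name: the setup from the question
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
client_trusts() {  # $1 = client trust file (what TLS_CACERT points at), $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" ldap1.example.com || return 1
    # A second provider is added later; the client's trust file is not touched.
    issue_cert "$d" ldap2.example.com || return 1
    for h in ldap1 ldap2; do
        client_trusts "$d/ca.crt" "$d/$h.example.com.crt" &&
            echo "CA model: $h verified against unchanged ca.crt"
    done
    # Copied-certificate model: the client holds only the first server's cert.
    self_signed "$d" old1.example.com && self_signed "$d" old2.example.com || return 1
    client_trusts "$d/old1.example.com.crt" "$d/old2.example.com.crt" ||
        echo "copied-cert model: old2 rejected until every client is updated"
    rm -rf "$d"
}
demo
```

The CA private key (`ca.key`) stays off the LDAP servers and clients; only `ca.crt` is distributed.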
