The PingDirectory server's utilities all support SASL
GSSAPI options for systems using Kerberos as its main authentication mechanism. The
following procedure shows how to use dsreplication with SASL GSSAP to
set up a new replication.admin
identity while enabling replication on a
server.
Note:
A separate Kerberos identity is required to manage replication. Existing Kerberos credentials can be used to interact with the server when enabling replication and creating the new identity.
The new identity, such as replication.admin
, must not exist as the
cn
or uid
value under any public base
distinguished name (DN).