Page created: 4 Feb 2020 | Page updated: 22 Jul 2020
Authentication in the Replication Protocol is based on public key cryptography, using client certificate authentication via TLS. The certificate used for authentication is stored in the ads-truststore backend of the Directory Server. During replication setup, the command-line utility distributes public keys to all Directory Servers to establish trust between them and to enable client authentication via TLS.
The authorization model of replication is simple: once authenticated, the remote Directory Server is fully authorized to exchange replication messages with the local Directory Server. There is no other access control in place.