The authentication in the Replication Protocol is based on public key cryptography using
client certificate authentication via TLS. The certificate used for authentication is stored
ads-truststore backend of the Directory Server. During
replication setup, the command-line utility distributes public keys to all directory servers to establish trust between the Directory Servers and to enable client authentication via TLS.
The authorization model of replication is simple: once authenticated, the remote Directory Server is fully authorized to exchange replication messages with the local Directory Server. There is no other access control in place.