Directory Server uses a simple authentication model to authorize replication servers.
After it is authenticated, the remote Directory Server is fully authorized to exchange replication messages with the local Directory Server. There is no other access control in place.
Authentication in the replication protocol is based on public key cryptography using TLS
client certificate authentication. The certificate used for authentication is stored in the
ads-truststore backend of the Directory Server.
During replication setup, the command-line utility distributes public keys to all directory servers to establish trust between the Directory Servers and to enable TLS client authentication.