diff options
| author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-03-09 07:09:38 +0000 |
|---|---|---|
| committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-03-09 07:09:38 +0000 |
| commit | 398e4c4f5fd98485de1134e0367317bad1e319c3 (patch) | |
| tree | d1b0f1d2342f92a02f9f8cb810591188e75ff8db /pki | |
| parent | ae195e547398b8e3be676358a44676b2148ce50e (diff) | |
| download | pki-398e4c4f5fd98485de1134e0367317bad1e319c3.tar.gz pki-398e4c4f5fd98485de1134e0367317bad1e319c3.tar.xz pki-398e4c4f5fd98485de1134e0367317bad1e319c3.zip | |
Bugzilla #683173: pkisilent needs to provide option to set nsDS5ReplicaTransportInfo to TLS in replication agreements when creating a clone
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1887 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java | 24 | ||||
| -rw-r--r-- | pki/base/silent/src/ca/ConfigureCA.java | 17 | ||||
| -rw-r--r-- | pki/base/silent/src/drm/ConfigureDRM.java | 17 | ||||
| -rw-r--r-- | pki/base/silent/src/ocsp/ConfigureOCSP.java | 16 | ||||
| -rw-r--r-- | pki/base/silent/src/subca/ConfigureSubCA.java | 16 | ||||
| -rw-r--r-- | pki/base/silent/src/tks/ConfigureTKS.java | 16 | ||||
| -rwxr-xr-x | pki/base/silent/templates/pki_silent.template | 14 | ||||
| -rw-r--r-- | pki/dogtag/common-ui/shared/admin/console/config/databasepanel.vm | 7 |
8 files changed, 115 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index 539a2eb0c..fc127700f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -146,6 +146,7 @@ public class DatabasePanel extends WizardPanelBase { String database = null; String errorString = ""; String secure = "false"; + String cloneStartTLS = "false"; try { String s = cs.getString("preop.database.removeData"); } catch (Exception e) { @@ -166,6 +167,7 @@ public class DatabasePanel extends WizardPanelBase { binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); secure = cs.getString("internaldb.ldapconn.secureConn", ""); + cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); errorString = cs.getString("preop.database.errorString", ""); } catch (Exception e) { CMS.debug("DatabasePanel display: " + e.toString()); @@ -220,7 +222,8 @@ public class DatabasePanel extends WizardPanelBase { context.put("binddn", binddn); context.put("bindpwd", bindpwd); context.put("database", database); - context.put("secureConn", (secure.equals("true")? "on":"off")); + context.put("secureConn", (secure.equals("true")? "on":"off")); + context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off")); context.put("panel", "admin/console/config/databasepanel.vm"); context.put("errorString", errorString); } @@ -279,6 +282,9 @@ public class DatabasePanel extends WizardPanelBase { String secure = HttpInput.getCheckbox(request, "secureConn"); context.put("secureConn", secure); + String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); + context.put("cloneStartTLS", cloneStartTLS); + String select = ""; try { select = cs.getString("preop.subsystem.select", ""); @@ -866,6 +872,9 @@ public class DatabasePanel extends WizardPanelBase { cs.putString("internaldb.database", database2); String secure = HttpInput.getCheckbox(request, "secureConn"); cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false")); + String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); + cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false")); + String remove = HttpInput.getID(request, "removeData"); if (isPanelDone() && (remove == null || remove.equals(""))) { /* if user submits the same data, they just want to skip @@ -987,7 +996,7 @@ public class DatabasePanel extends WizardPanelBase { // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on")?"true":"false")); + setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false")); CMS.debug("Finish setting up replication."); try { @@ -1016,7 +1025,7 @@ public class DatabasePanel extends WizardPanelBase { } private void setupReplication(HttpServletRequest request, - Context context, String secure) throws IOException { + Context context, String secure, String cloneStartTLS) throws IOException { String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); @@ -1122,10 +1131,10 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure); + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure); + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); @@ -1320,7 +1329,7 @@ public class DatabasePanel extends WizardPanelBase { private void createReplicationAgreement(String replicadn, LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure) throws LDAPException { + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { String dn = "cn="+name+","+replicadn; CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn); LDAPEntry entry = null; @@ -1341,7 +1350,10 @@ public class DatabasePanel extends WizardPanelBase { if (secure.equals("true")) { attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "SSL")); + } else if (cloneStartTLS.equals("true")) { + attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "TLS")); } + CMS.debug("About to set description attr to " + name); attrs.add(new LDAPAttribute("description",name)); diff --git a/pki/base/silent/src/ca/ConfigureCA.java b/pki/base/silent/src/ca/ConfigureCA.java index f1fb63f9c..66fca89b9 100644 --- a/pki/base/silent/src/ca/ConfigureCA.java +++ b/pki/base/silent/src/ca/ConfigureCA.java @@ -99,6 +99,9 @@ public class ConfigureCA { public static String bind_password = null; public static String base_dn = null; public static String db_name = null; + public static String secure_conn = null; + public static String clone_start_tls = null; + public static String remove_data = null; public static String key_type = null; public static String key_size = null; @@ -517,7 +520,10 @@ public class ConfigureCA { + URLEncoder.encode(bind_password) + "&basedn=" + URLEncoder.encode(base_dn) + "&database=" + URLEncoder.encode(db_name) + "&display=" - + URLEncoder.encode("$displayStr") + ""; + + URLEncoder.encode("$displayStr") + + (secure_conn.equals("true")? "&secureConn=on": "") + + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + + (remove_data.equals("true")? "&removeData=true": ""); hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); @@ -1447,6 +1453,9 @@ public class ConfigureCA { StringHolder x_bind_password = new StringHolder(); StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); + StringHolder x_secure_conn = new StringHolder(); + StringHolder x_clone_start_tls = new StringHolder(); + StringHolder x_remove_data = new StringHolder(); // key properties (defaults) StringHolder x_key_size = new StringHolder(); @@ -1556,6 +1565,9 @@ public class ConfigureCA { x_bind_password); parser.addOption("-base_dn %s #base dn", x_base_dn); parser.addOption("-db_name %s #db name", x_db_name); + parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); + parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1672,6 +1684,9 @@ public class ConfigureCA { bind_password = x_bind_password.value; base_dn = x_base_dn.value; db_name = x_db_name.value; + secure_conn = set_default(x_secure_conn.value, "false"); + remove_data = set_default(x_remove_data.value, "false"); + clone_start_tls = set_default(x_clone_start_tls.value, "false"); key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); signing_key_type = set_default(x_signing_key_type.value, key_type); diff --git a/pki/base/silent/src/drm/ConfigureDRM.java b/pki/base/silent/src/drm/ConfigureDRM.java index fb9f112ce..5298811f3 100644 --- a/pki/base/silent/src/drm/ConfigureDRM.java +++ b/pki/base/silent/src/drm/ConfigureDRM.java @@ -102,6 +102,9 @@ public class ConfigureDRM public static String bind_password = null; public static String base_dn = null; public static String db_name = null; + public static String secure_conn = null; + public static String clone_start_tls = null; + public static String remove_data = null; public static String key_type = null; public static String key_size = null; @@ -456,7 +459,10 @@ public class ConfigureDRM "&__bindpwd=" + URLEncoder.encode(bind_password) + "&basedn=" + URLEncoder.encode(base_dn) + "&database=" + URLEncoder.encode(db_name) + - "&display=" + URLEncoder.encode("$displayStr"); + "&display=" + URLEncoder.encode("$displayStr") + + (secure_conn.equals("true")? "&secureConn=on": "") + + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + + (remove_data.equals("true")? "&removeData=true": ""); hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -1071,6 +1077,9 @@ public class ConfigureDRM StringHolder x_bind_password = new StringHolder(); StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); + StringHolder x_secure_conn = new StringHolder(); + StringHolder x_clone_start_tls = new StringHolder(); + StringHolder x_remove_data = new StringHolder(); // key properties (defaults) StringHolder x_key_size = new StringHolder(); @@ -1188,6 +1197,9 @@ public class ConfigureDRM x_base_dn); parser.addOption ("-db_name %s #db name", x_db_name); + parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); + parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1307,6 +1319,9 @@ public class ConfigureDRM bind_password = x_bind_password.value; base_dn = x_base_dn.value; db_name = x_db_name.value; + secure_conn = set_default(x_secure_conn.value, "false"); + remove_data = set_default(x_remove_data.value, "false"); + clone_start_tls = set_default(x_clone_start_tls.value, "false"); key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); transport_key_type = set_default(x_transport_key_type.value, key_type); diff --git a/pki/base/silent/src/ocsp/ConfigureOCSP.java b/pki/base/silent/src/ocsp/ConfigureOCSP.java index ad23c70ee..9e5410bad 100644 --- a/pki/base/silent/src/ocsp/ConfigureOCSP.java +++ b/pki/base/silent/src/ocsp/ConfigureOCSP.java @@ -100,6 +100,9 @@ public class ConfigureOCSP public static String bind_password = null; public static String base_dn = null; public static String db_name = null; + public static String secure_conn = null; + public static String clone_start_tls = null; + public static String remove_data = null; public static String key_type = null; public static String key_size = null; @@ -401,7 +404,9 @@ public class ConfigureOCSP "&basedn=" + URLEncoder.encode(base_dn) + "&database=" + URLEncoder.encode(db_name) + "&display=" + URLEncoder.encode("$displayStr") + - ""; + (secure_conn.equals("true")? "&secureConn=on": "") + + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + + (remove_data.equals("true")? "&removeData=true": ""); hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -962,6 +967,9 @@ public class ConfigureOCSP StringHolder x_bind_password = new StringHolder(); StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); + StringHolder x_secure_conn = new StringHolder(); + StringHolder x_clone_start_tls = new StringHolder(); + StringHolder x_remove_data = new StringHolder(); // key properties (defaults) StringHolder x_key_size = new StringHolder(); @@ -1067,6 +1075,9 @@ public class ConfigureOCSP x_base_dn); parser.addOption ("-db_name %s #db name", x_db_name); + parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); + parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1173,6 +1184,9 @@ public class ConfigureOCSP bind_password = x_bind_password.value; base_dn = x_base_dn.value; db_name = x_db_name.value; + secure_conn = set_default(x_secure_conn.value, "false"); + remove_data = set_default(x_remove_data.value, "false"); + clone_start_tls = set_default(x_clone_start_tls.value, "false"); key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); signing_key_type = set_default(x_signing_key_type.value, key_type); diff --git a/pki/base/silent/src/subca/ConfigureSubCA.java b/pki/base/silent/src/subca/ConfigureSubCA.java index 111879bb5..561f68e44 100644 --- a/pki/base/silent/src/subca/ConfigureSubCA.java +++ b/pki/base/silent/src/subca/ConfigureSubCA.java @@ -102,6 +102,9 @@ public class ConfigureSubCA public static String bind_password = null; public static String base_dn = null; public static String db_name = null; + public static String secure_conn = null; + public static String clone_start_tls = null; + public static String remove_data = null; public static String key_type = null; public static String key_size = null; @@ -430,7 +433,9 @@ public class ConfigureSubCA "&binddn=" + URLEncoder.encode(bind_dn) + "&__bindpwd=" + URLEncoder.encode(bind_password) + "&display=" + URLEncoder.encode("$displayStr") + - ""; + (secure_conn.equals("true")? "&secureConn=on": "") + + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + + (remove_data.equals("true")? "&removeData=true": ""); hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -1014,6 +1019,9 @@ public class ConfigureSubCA StringHolder x_bind_password = new StringHolder(); StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); + StringHolder x_secure_conn = new StringHolder(); + StringHolder x_clone_start_tls = new StringHolder(); + StringHolder x_remove_data = new StringHolder(); // key properties (defaults) StringHolder x_key_size = new StringHolder(); @@ -1126,6 +1134,9 @@ public class ConfigureSubCA x_base_dn); parser.addOption ("-db_name %s #db name", x_db_name); + parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); + parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1236,6 +1247,9 @@ public class ConfigureSubCA bind_password = x_bind_password.value; base_dn = x_base_dn.value; db_name = x_db_name.value; + secure_conn = set_default(x_secure_conn.value, "false"); + remove_data = set_default(x_remove_data.value, "false"); + clone_start_tls = set_default(x_clone_start_tls.value, "false"); key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); signing_key_type = set_default(x_signing_key_type.value, key_type); diff --git a/pki/base/silent/src/tks/ConfigureTKS.java b/pki/base/silent/src/tks/ConfigureTKS.java index 25242dfd3..ec934c8f4 100644 --- a/pki/base/silent/src/tks/ConfigureTKS.java +++ b/pki/base/silent/src/tks/ConfigureTKS.java @@ -99,6 +99,9 @@ public class ConfigureTKS public static String bind_password = null; public static String base_dn = null; public static String db_name = null; + public static String secure_conn = null; + public static String clone_start_tls = null; + public static String remove_data = null; public static String key_type = null; public static String key_size = null; @@ -384,7 +387,9 @@ public class ConfigureTKS "&basedn=" + URLEncoder.encode(base_dn) + "&database=" + URLEncoder.encode(db_name) + "&display=" + URLEncoder.encode("$displayStr") + - ""; + (secure_conn.equals("true")? "&secureConn=on": "") + + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + + (remove_data.equals("true")? "&removeData=true": ""); hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -931,6 +936,9 @@ public class ConfigureTKS StringHolder x_bind_password = new StringHolder(); StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); + StringHolder x_secure_conn = new StringHolder(); + StringHolder x_clone_start_tls = new StringHolder(); + StringHolder x_remove_data = new StringHolder(); // key properties (defaults) StringHolder x_key_size = new StringHolder(); @@ -1028,6 +1036,9 @@ public class ConfigureTKS x_base_dn); parser.addOption ("-db_name %s #db name", x_db_name); + parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); + parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1124,6 +1135,9 @@ public class ConfigureTKS bind_password = x_bind_password.value; base_dn = x_base_dn.value; db_name = x_db_name.value; + secure_conn = set_default(x_secure_conn.value, "false"); + remove_data = set_default(x_remove_data.value, "false"); + clone_start_tls = set_default(x_clone_start_tls.value, "false"); key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); diff --git a/pki/base/silent/templates/pki_silent.template b/pki/base/silent/templates/pki_silent.template index 31b40ff9c..344bcf8b8 100755 --- a/pki/base/silent/templates/pki_silent.template +++ b/pki/base/silent/templates/pki_silent.template @@ -379,7 +379,9 @@ pki_silent_tps_log=/tmp/tps.log ## ca_signing_signingalgorithm - optionally specify the algorithm used by the CA signing cert to sign objects ## ca_ocsp_signing_signingalgorithm - optionally specify the algorithm used by the CA ocsp signing cert to sign objects ## - +## NOTE: Additional variables to specify the LDAP connection are as follows: +## remove_data - set to true/false. Remove any existing data found under the baseDN +## secure_conn - use the ldaps port ca_agent_name="CA\ Administrator\ of\ Instance\ ${ca_instance_name}\'s\ ${pki_security_domain_name}\ ID" ca_agent_key_size=2048 ca_agent_key_type=rsa @@ -418,12 +420,16 @@ ca_audit_signing_cert_subject_name="cn=CA\ Audit\ Signing\ Certificate,o=${pki_s ## sd_admin_port= ## sd_admin_name= ## sd_admin_password= +## clone_start_tls=false ## ## NOTES: ## 1. ca_clone_p12_file must be just the filename relative to the alias directory. ## So in the example above, ca_clone_p12_file="ca-master.p12" ## 2. sd_* refer to the CA where the security domain is hosted. ## 3. clone_uri has the following format: https://<hostname>:<EE port> fo the CA to be cloned +## 4. clone_start_tls can be set to true if we require replication between the master and clone databases +## to be encrypted using startTLS on the standard (non-ldaps) port. The databases must +## be ssl enabled first or the replication will fail. ## ## ADDITIONAL NOTES: ## 1. The clone CA and master CA cannot share the same database instance. A new @@ -521,11 +527,15 @@ ca_audit_signing_cert_subject_name="cn=CA\ Audit\ Signing\ Certificate,o=${pki_s ## kra_clone_p12_file= ## kra_clone_p12_password= ## kra_clone_uri= +## clone_start_tls=false ## ## NOTES: ## 1. drm_clone_p12_file must be just the filename relative to the alias directory. ## So in the example above, drm_clone_p12_file="drm-master.p12" ## 2. drm_clone_uri has the following format: https://<hostname>:<EE port> of the DRM to be cloned +## 3. clone_start_tls can be set to true if we require replication between the master and clone databases +## to be encrypted using startTLS on the standard (non-ldaps) port. The databases must +## be ssl enabled first or the replication will fail. ## ## ADDITIONAL NOTES: ## 1. The clone DRM and master DRM cannot share the same database instance. A new @@ -1175,6 +1185,7 @@ pkisilent ConfigureCA \ # -sd_admin_port ${sd_admin_port} \ # -sd_admin_name ${sd_admin_name} \ # -sd_admin_password ${sd_admin_password} \ +# -clone_start_tls ${clone_start_tls} \ # | tee ${pki_silent_ca_log} ## Restart CA @@ -1440,6 +1451,7 @@ pkisilent ConfigureDRM \ # -clone_p12_file ${kra_clone_p12_file} \ # -clone_p12_password ${kra_clone_p12_password} \ # -clone_uri ${kra_uri} \ +# -clone_start_tls ${clone_start_tls} \ # | tee ${pki_silent_kra_log} ## Restart drm diff --git a/pki/dogtag/common-ui/shared/admin/console/config/databasepanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/databasepanel.vm index 0a2253d30..36439b4e6 100644 --- a/pki/dogtag/common-ui/shared/admin/console/config/databasepanel.vm +++ b/pki/dogtag/common-ui/shared/admin/console/config/databasepanel.vm @@ -41,6 +41,10 @@ function toggle_details() <div id=details style="display: none;"> <p> Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>. +#if ($clone == "clone") +<p> +If the replication between the masters and clones occurs on the non-SSL port, it is still possible to require the replication to be SSL encrypted by selecting <b> Use StartTLS with replication agreements</b> below. In order for this operation to be successful, the database instances must be SSL enabled before continuing beyond this panel. +#end </div> <p> <i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i> @@ -88,6 +92,9 @@ Each instance needs access to a Fedora Directory Server instance to store reques </table> <input type="hidden" name="display" value=$displayStr /> +#if ($clone == "clone") + <input type="CHECKBOX" NAME="cloneStartTLS"/>Use StartTLS with replication agreements.<p> +#end <input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p> <div align="right"> |