2 files changed, 20 insertions, 10 deletions

diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 3b08abd4b..40e6d101a 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -341,7 +341,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
     except Exception, e:
         sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e)))
 
-    repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True)
+    repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True, True)
     print "Connected '%s' to '%s'" % (replica1, replica2)
 
 def re_initialize(realm, options):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index a6bd7af37..8c8502e3f 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -654,7 +654,9 @@ class ReplicationManager(object):
         self.replica_config(conn, replica_id, repldn)
         self.setup_changelog(conn)
 
-    def setup_replication(self, r_hostname, r_port=389, r_sslport=636, r_binddn=None, r_bindpw=None, starttls=False):
+    def setup_replication(self, r_hostname, r_port=389, r_sslport=636,
+                          r_binddn=None, r_bindpw=None, starttls=False,
+                          is_cs_replica=False):
         # note - there appears to be a bug in python-ldap - it does not
         # allow connections using two different CA certs
         if starttls:
@@ -679,14 +681,22 @@ class ReplicationManager(object):
         self.basic_replication_setup(r_conn, r_id,
                                      self.repl_man_dn, self.repl_man_passwd)
 
-        self.setup_agreement(r_conn, self.conn.host, port=r_port,
-                             repl_man_dn=self.repl_man_dn,
-                             repl_man_passwd=self.repl_man_passwd,
-                             master=True)
-        self.setup_agreement(self.conn, r_hostname, port=r_port,
-                             repl_man_dn=self.repl_man_dn,
-                             repl_man_passwd=self.repl_man_passwd,
-                             master=False)
+        if is_cs_replica:
+            self.setup_agreement(r_conn, self.conn.host, port=r_port,
+                                 repl_man_dn=self.repl_man_dn,
+                                 repl_man_passwd=self.repl_man_passwd,
+                                 master=True)
+            self.setup_agreement(self.conn, r_hostname, port=r_port,
+                                 repl_man_dn=self.repl_man_dn,
+                                 repl_man_passwd=self.repl_man_passwd,
+                                 master=False)
+        else:
+            self.setup_agreement(r_conn, self.conn.host, port=r_port,
+                                 repl_man_dn=self.repl_man_dn,
+                                 repl_man_passwd=self.repl_man_passwd)
+            self.setup_agreement(self.conn, r_hostname, port=r_port,
+                                 repl_man_dn=self.repl_man_dn,
+                                 repl_man_passwd=self.repl_man_passwd)
 
         #Finally start replication
         ret = self.start_replication(r_conn, master=True)