I have a few queries related to "dsa-password" command in CA Directory.
1. How the "dsa-password" command used to communicate with other DSAs during replication ?
2. Do we need to supply same password string for all the DSAs participating in replication ?
Thanks and Regards,
When a DSA needs to communicate with another DSA (either for chaining or replication) it will create a link. In X.500, this is called a DSP (Directory System Protocol) link. X.500 defines a directory service allowing multiple DSAs to service requests from a single entry point. There are 3 types of DSP link that can be created between 2 DSAs, one for each level of authentication (anonymous, clear-password, ssl-auth).
The authentication level is determines by how a client has authenticated against directory. For example, if a client has connected via LDAP using a userDN/password, then this request will be sent over a DSP clear-password authenticated link.
The reason I've gone into this level of detail is that the "dsa-password" field is used when creating a DSP link at the clear-password authentication level.
DSA A knowledge (Host 1 & Host2)
DSA B knowledge (Host 1 & Host2)
Note: DSP links are shared between users, that is requests received from multiple LDAP clients will be sent down the same DSP link.
Thanks for the detailed explanation regarding the communication between DSAs.