15.5. Configuring Bootstrap Credentials


When you use bind distinguished name (DN) groups in a replication agreement, there can be situations where the group is not present or outdated:
  • During online initialization where you must authenticate to the replica before the database is initialized
  • When you use GSSAPI as authentication method and the Kerberos credentials are changed
If you configured bootstrap credentials in a replication agreement, Directory Server uses these credentials in case that the connection failed because one of the following errors:
  • LDAP_INVALID_CREDENTIALS (err=49)
  • LDAP_INAPPROPRIATE_AUTH (err=48)
  • LDAP_NO_SUCH_OBJECT (err=32)
If the bind succeeds with the bootstrap credentials, the server establishes the replication connection and a new replication session begins. This allows any updates to the bind DN group members to be updated. By default on the next replication session, Directory Server uses the default credentials in the agreement, that now succeeds.
The bootstrap credentials also fail, Directory Server stops trying to connect.

Procedure

To set the bootstrap credentials when you create a replication agreement:
# dsconf -D "cn=Directory Manager" ldap://supplier.example.com repl-agmt create ... --bootstrap-bind-dn "bind_DN" --bootstrap-bind-passwd "password" --bootstrap-bind-method bind_method --bootstrap-conn-protocol connection protocol ...
To set the bootstrap credentials in an existing replication agreement:
# dsconf -D "cn=Directory Manager" ldap://supplier.example.com repl-agmt set --suffix="suffix" --bootstrap-bind-dn "bind_DN" --bootstrap-bind-passwd "password" --bootstrap-bind-method bind_method --bootstrap-conn-protocol connection protocol agreement_name
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.