Anonymous_User Absent Member.

How to keep session with two eDirectory?


I want to know: when I configured replica sync between two
eDirectory servers, how do the eDirectory servers keep a session with each other?
Did they generate a certificate or credential when I configured the
synchronization?
Or does each server keep the username and password, and when they need a session,
they just check the username and password again?


--
tss_swei
whitesocks Absent Member.

Re: How to keep session with two eDirectory?


On TCP 524 model, not TCP 636 model


--
whitesocks
hendersj Acclaimed Contributor.

Re: How to keep session with two eDirectory?

On Tue, 26 May 2015 03:00:14 +0000, tss swei wrote:

> I want to know: when I configured replica sync between two
> eDirectory servers, how do the eDirectory servers keep a session with each other?
> Did they generate a certificate or credential when I configured the
> synchronization?
> Or does each server keep the username and password, and when they need a session,
> they just check the username and password again?


Servers authenticate to each other using a public key/private key pair.

It's managed by the system and nothing you need to be concerned with. 🙂

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
whitesocks Absent Member.

Re: How to keep session with two eDirectory?


Hi
I want to know how the key pair works between two e-directory
servers. We use TCP port 524 to transfer data when the e-directory has been
changed. Is the key used only once, or is a long connection kept between the two
e-directory servers? Please help me. Thanks!


--
whitesocks
Knowledge Partner

Re: How to keep session with two eDirectory?

The keys are used as described by Jim, and it's a process so reliable in a
decade of working with eDirectory I do not even remember hearing rumors
about this ever being broken, or vulnerable to compromise.

If you have a business case that led you to ask for this information then
sharing that may be more useful, as I cannot imagine any need to dive into
the specifics, nor can I imagine any way to change anything about this
authentication without breaking the system entirely (keys are generated at
server creation time, and have the same qualities as the NDS password with
regard to non-reversibility, never transmitting anything cleartext, etc.).


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
whitesocks Absent Member.

Re: How to keep session with two eDirectory?


Hi
I want to know the encryption method used for communication between two
e-directory servers and how it works. Huawei built a product that uses
e-directory; they tested and found that e-directory sync does not support
encryption. So I want to know how e-directory guarantees security. Thanks for your help!


--
whitesocks
Knowledge Partner

Re: How to keep session with two eDirectory?

Authentication between servers uses encryption techniques (public/private
keys) but the NCP traffic over the wire is not encrypted. Similarly, you
can opt to encrypt certain data (Universal Passwords are by default)
attribute by attribute so that encryption of actual data is implemented
for anything deemed sensitive, and this has been available for a long
time. In the forthcoming version, encryption of all traffic, regardless
of sensitivity, is an option as part of eDirectory. If encryption of all
data is desired today then using networking and encryption (VPN, VLAN,
etc.) is the easiest way, but historically the concern has been around
certain attributes and not all of the other connection management stuff
that NCP handles by default.

In other words, it's easier to steal a password than it is to sniff an
enterprise network (should be hard) and then decrypt the few attributes
that are rights-granting (encrypted, so should be impossible).

--
Good luck.

Knowledge Partner

Re: How to keep session with two eDirectory?

On Thu, 28 May 2015 17:09:05 +0000, ab wrote:

> Authentication between servers uses encryption techniques
> (public/private keys) but the NCP traffic over the wire is not
> encrypted.


Replication traffic can be (optionally) encrypted, if I recall the
settings correctly.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
Knowledge Partner

Re: How to keep session with two eDirectory?

Crap, you're right.... encrypted attributes are per-attribute, but
encrypted replication is for all traffic.

Thanks for the correction.

--
Good luck.

hendersj Acclaimed Contributor.

Re: How to keep session with two eDirectory?

On Thu, 28 May 2015 16:56:01 +0000, whitesocks wrote:

> Hi, I want to know the encryption method used for communication between two
> e-directory servers and how it works. Huawei built a product that uses
> e-directory; they tested and found that e-directory sync does not support
> encryption. So I want to know how e-directory guarantees security. Thanks for your help!


eDirectory 8.8 has a feature to encrypt the synchronization traffic as
well - encrypted replication. There are some specific needs for versions
for all servers in a replica ring, but that is something that is
supported.

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
hendersj Acclaimed Contributor.

Re: How to keep session with two eDirectory?

On Thu, 28 May 2015 10:04:01 +0000, whitesocks wrote:

> Hi, I want to know how the key pair works between two e-directory
> servers. We use TCP port 524 to transfer data when the e-directory has been
> changed. Is the key used only once, or is a long connection kept between the two
> e-directory servers? Please help me. Thanks!


Servers stay connected to each other as communication is fairly constant
between servers in a replica ring.

Jim

--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner