RE: Multiple ldap servers, ssl, and dns round robin?
Yes, assuming you have at least version 2.0.15 of OpenLDAP.
See this thread:
http://www.openldap.org/lists/openldap-software/200110/msg00240.html
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Michael
> Cunningham
> Sent: Tuesday, November 27, 2001 11:03 PM
> To: openldap-software@OpenLDAP.org
> Cc: m.cunningham@xpedite.com
> Subject: Multiple ldap servers, ssl, and dns round robin?
>
>
> Hiya,
>
> I have 4 ldap servers that I would like to put in a
> dns round robin for performance reasons.
>
> ldap1.xpedite.com
> ldap2.xpedite.com
> ldap3.xpedite.com
> ldap4.xpedite.com
>
> I would like to use the name "ldap.xpedite.com"
> as the dns round robin name.
>
> ldap1 is the master ldap server and the rest are replicates.
> They currently replicate using ssl which I need to keep.
>
> The ssl certificates were generated using a FQDN.
> Example: ldaptest1.xpedite.com
>
> Replication via ssl works great and ssl transactions to each
> server individually using their real FQDN work well. When I
> attempt to access the round robin as ldap.xpedite.com, ssl
> transactions refuse to work. I realize that it is failing
> because the cert is generated for the FQDN of the individual
> server.. not the round robin name (ldap.xpedite.com).
> Is there a way I can give a server multiple names in a cert
> such as ldap1, ldap1.xpedite.com, ldap.xpedite.com, ldap, IP Addr, etc..
> so the client will accept the cert if it is called by
> ldap1.xpedite.com or ldap.xpedite.com, or etc.. ?
> Some sort of aliasing in ssl certs perhaps?
> I am using openssl to generate and self sign the ssl certificates.
>
> Thanks for any assistance you can offer..
>
> Mike
>
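As an added example (not code from either message above), the following script builds the kind of multi-name certificate Mike asks about with openssl and then checks which names openssl accepts it for. The extra names go into the X.509 subjectAltName extension, not the CN; the reply above confirms that OpenLDAP 2.0.15 and later accept such a certificate. The hostnames are the ones from the question; the IP address 192.0.2.1 (a documentation-range placeholder), the temporary file paths and the key size are assumptions of the example, and the `-addext` and `-ext` options require OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not code from the thread above: build a self-signed
# certificate for ldap1 that also carries the round-robin alias and
# other names in the subjectAltName extension, then ask openssl which
# names it accepts. The hostnames are taken from the question; the
# IP address 192.0.2.1 is an assumed documentation-range placeholder.
set -e

WORK="$(mktemp -d)"
CERT="$WORK/ldap1.crt"
KEY="$WORK/ldap1.key"

# Generate the key and the self-signed cert in one step. The CN stays
# the server's real FQDN; every name the server may be reached by goes
# into subjectAltName (DNS: for names, IP: for literal addresses).
# Once a certificate carries any DNS SAN entry, hostname checks ignore
# the CN, so the CN's own name must be repeated in the SAN list.
make_san_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$KEY" -out "$CERT" \
        -subj "/CN=ldap1.xpedite.com" \
        -addext "subjectAltName=DNS:ldap1.xpedite.com,DNS:ldap.xpedite.com,DNS:ldap1,IP:192.0.2.1" \
        2>/dev/null
}

# Show the SAN extension as openssl decodes it from the certificate.
show_san() {
    openssl x509 -in "$CERT" -noout -ext subjectAltName
}

# Exit 0 if the cert is valid for hostname $1, non-zero otherwise.
# The cert is its own trust anchor here because it is self-signed;
# with a private CA you would pass the CA cert to -CAfile instead.
check_host() {
    openssl verify -CAfile "$CERT" -verify_hostname "$1" "$CERT" >/dev/null 2>&1
}

# Same check for a literal IP address (matched against IP: SAN entries).
check_ip() {
    openssl verify -CAfile "$CERT" -verify_ip "$1" "$CERT" >/dev/null 2>&1
}

make_san_cert
show_san
for name in ldap1.xpedite.com ldap.xpedite.com ldap1 ldap2.xpedite.com; do
    if check_host "$name"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
if check_ip 192.0.2.1; then echo "192.0.2.1: accepted"; fi
```

Each of the four servers needs its own certificate of this shape, listing its own FQDN plus ldap.xpedite.com, since a client that resolves the round-robin name may land on any of them. A name that is not in the list (ldap2.xpedite.com against ldap1's certificate above) is still rejected, which is the behaviour you want: the alias is shared, the per-server identity is not.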