                    LDAP clients
                         |
           _______________________________
          |         LoadBalancer1         |
          |_______________________________|
             |             |             |
        ldapserver1   ldapserver2   ldapserver3
I have three LDAP servers behind a load balancer. Certain client TLS requests seem to be failing, like "id -a username" and system logins. However, using the ldapsearch command with the -Z option seems to work fine. I am assuming the problem has to do with the load balancer's hostname not matching what is in the LDAP servers' certificate. I have seen a couple of postings about using "subjectAltName" with the hostname of the load balancer in the certificate on the LDAP server. I have not been able to include the "subjectAltName" successfully.
I'm not sure what else to try.
Gerry
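The certificate shape Gerry is after, as an added example that is not part of the original post and not anyone's production setup. The script builds two self-signed server certificates with openssl: one carrying only a CN (the shape that fails when clients connect through a load balancer) and one whose subjectAltName lists both the load-balancer name and the backend's own name. It then runs each through the same hostname check a TLS client performs. The hostnames ldap.example.com and ldapserver1.example.com are assumptions; substitute the real load-balancer and server names. In production the CSR produced from the same san.cnf would be signed by your CA rather than self-signed.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds two self-signed LDAP
# server certificates, one with only a CN (the shape that fails behind a load
# balancer) and one whose subjectAltName lists the load-balancer name and the
# backend's own name, then checks each the way a TLS client would.
# All hostnames below are assumptions chosen for the example.
set -eu

LB_NAME=ldap.example.com              # name clients connect to (assumed)
SERVER_NAME=ldapserver1.example.com   # real backend hostname (assumed)

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CN_ONLY_CERT="$WORK/cn-only.pem"
SAN_CERT="$WORK/san.pem"

# One key serves both certificates; only the extensions differ.
openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null

# Shape 1: CN only, no subjectAltName. Clients fall back to matching the CN,
# so only SERVER_NAME matches; connecting via LB_NAME fails the hostname check.
cat > "$WORK/cn-only.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $SERVER_NAME
EOF
openssl req -x509 -new -key "$WORK/key.pem" -days 365 -sha256 \
  -config "$WORK/cn-only.cnf" -out "$CN_ONLY_CERT" 2>/dev/null

# Shape 2: subjectAltName covers every name a client may use. Once DNS SANs
# are present the CN is ignored, so the backend's own name must be listed too.
cat > "$WORK/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_server
prompt = no
[dn]
CN = $SERVER_NAME
[v3_server]
subjectAltName = DNS:$LB_NAME, DNS:$SERVER_NAME
extendedKeyUsage = serverAuth
EOF
openssl req -x509 -new -key "$WORK/key.pem" -days 365 -sha256 \
  -config "$WORK/san.cnf" -out "$SAN_CERT" 2>/dev/null

# hostname_ok CERT NAME: succeeds when a client connecting to NAME would accept
# CERT. The cert is self-signed, so it serves as its own trust anchor here;
# the only thing under test is the hostname match.
hostname_ok() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# san_names CERT: print the subjectAltName line embedded in CERT, if any.
san_names() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1
}

# report CERT NAME: one readable line per (certificate, hostname) pair.
report() {
  if hostname_ok "$1" "$2"; then echo "$(basename "$1"): $2 accepted"
  else echo "$(basename "$1"): $2 REJECTED"; fi
}

echo "SAN in corrected cert:$(san_names "$SAN_CERT")"
report "$CN_ONLY_CERT" "$SERVER_NAME"
report "$CN_ONLY_CERT" "$LB_NAME"
report "$SAN_CERT" "$SERVER_NAME"
report "$SAN_CERT" "$LB_NAME"
```

The cn-only certificate is accepted for ldapserver1.example.com and rejected for ldap.example.com, which is the failure pattern described in the post; the SAN certificate is accepted for both. After installing a SAN certificate on each backend, the same check can be run against the live service with `openssl s_client -connect ldap.example.com:636 -verify_hostname ldap.example.com` (or with `-starttls ldap` on port 389). One more thing worth comparing when ldapsearch -Z succeeds but logins fail: the TLS_REQCERT setting in the ldap.conf that ldapsearch reads versus the one used by the NSS/PAM LDAP module, since a value of "never" or "allow" on the ldapsearch side would mask exactly this hostname mismatch.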