SSL redundancy through an F5
- To: OpenLDAP-software@OpenLDAP.org
- Subject: SSL redundancy through an F5
- From: Chris Lundell <chris.lundell@coat.com>
- Date: Thu, 27 Jan 2005 09:52:20 -0500
- Organization: Burlington Coat Factory
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
Greetings,
Has anyone had any experience in getting multiple LDAP daemons to run
SSL under an F5?
I'm using the "lowest" form of encryption - i.e., with no client-side
verification. I only want to use a certificate and its key.
In "slapd.conf", I have the following directives:
TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:SSLv2
TLSCertificateFile /var/myca/ldapcert.pem
TLSCertificateKeyFile /var/myca/ldapkey.pem
In "/etc/ldap.conf", I have "host" as "ldap-devel.coat.com", which
points to an F5 pool (of the same name), which then distributes requests
to two OpenLDAP daemons. The only ssl/tls directive activated in
"/etc/ldap.conf" is "ssl on". I generated a new certificate with a
common name of "ldap-devel.coat.com" for both OpenLDAP daemons and this
didn't work. I initiate "slapd" with "-h ldap:/// ldaps:///". I don't
want to supply multiple hosts in "/etc/ldap.conf".
My question may be more appropriate for another mailing list, but I
thought I'd start here first. Thanks in advance for any advice.
Regards,
Chris Lundell
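The post describes installing one certificate, with a common name equal to the pool hostname from "/etc/ldap.conf", on every daemon behind the F5. A practical check for that setup is to confirm, offline, that the file named by each daemon's TLSCertificateFile really carries that common name. The script below is an added example and not part of the original post or of OpenLDAP; it assumes the openssl command-line tool is installed, and the certificates it builds are constructed throwaway samples standing in for the real "/var/myca/ldapcert.pem" on each server.

```shell
#!/bin/sh
# Added example (not from the original post): check that a server
# certificate's subject CN equals the hostname clients put in the "host"
# line of /etc/ldap.conf, so that every daemon behind the pool presents
# the same name. Assumes the openssl command-line tool is available.
set -e

# Build a throwaway self-signed certificate (constructed sample data).
# $1 = common name, $2 = output PEM path (the key is written to $2.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Print the subject CN of a PEM certificate (RFC 2253 form: CN=value,...).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject= *.*CN=\([^,]*\).*/\1/p'
}

# Return 0 if the certificate's CN equals the expected hostname, 1 otherwise.
# $1 = PEM certificate, $2 = hostname from the ldap.conf "host" directive.
cert_matches_host() {
    [ "$(cert_cn "$1")" = "$2" ]
}

# Check one or more daemons' certificates against the single pool hostname.
# Arguments: hostname, then one certificate path per daemon.
# Returns 0 only if every certificate matches.
check_pool_certs() {
    host="$1"; shift
    rc=0
    for cert in "$@"; do
        if cert_matches_host "$cert" "$host"; then
            echo "OK   $cert: CN matches $host"
        else
            echo "FAIL $cert: CN is '$(cert_cn "$cert")', expected $host"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone demo on constructed samples: one certificate issued to the
# pool name and one issued to a host-specific name. In real use, point
# check_pool_certs at a copy of each daemon's TLSCertificateFile instead.
if [ -z "$NO_DEMO" ]; then
    demo_dir=$(mktemp -d)
    make_sample_cert ldap-devel.coat.com "$demo_dir/daemon1.pem"
    make_sample_cert ldap01.coat.com "$demo_dir/daemon2.pem"
    check_pool_certs ldap-devel.coat.com \
        "$demo_dir/daemon1.pem" "$demo_dir/daemon2.pem" \
        || echo "at least one daemon presents a certificate for another name"
    rm -rf "$demo_dir"
fi
```

The check only covers the subject common name, which is what the post relies on; clients that also validate subjectAltName or the issuing CA need those fields inspected as well, and a certificate that passes here can still be rejected if the client does not trust its issuer.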