[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

To: quanah@zimbra.com (Quanah Gibson-Mount), openldap-software@openldap.org
Subject: Re: failover config: servers with same DNS address and TLS, subjectAltName extension
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Mon, 23 Jul 2007 22:09:33 +0200
In-reply-to: <4C80A2DB7D4B6733ED0C82F5@deus-ex.zimbra.com>
User-agent: MacSOUP/2.7 (unregistered for 185 days)

Quanah Gibson-Mount <quanah@zimbra.com> wrote:

> Just note that using SSL over port 636 is not a defined protocol, and may
> go away in the future.  Avoidance of its use when possible recommended.

I have this in /etc/services:
ldaps           636/tcp    ldap protocol over TLS/SSL (was sldap)

And checking the authoritative source confirms it's registered.  
http://www.iana.org/assignments/port-numbers

So what's wrong with LDAP/SSL over port 636?

> > Make sure rid is different on srv1 and srv2.
> RID only needs to be unique inside a single configuration (i.e., for a
> single slapd instance).  Both your replicas could use the same RID.

I wasn't aware, thank you for the comment.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: failover config: servers with same DNS address and TLS, subjectAltName extension
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: failover config: servers with same DNS address and TLS, subjectAltName extension
  - From: Russ Allbery <rra@stanford.edu>

References:
- Re: failover config: servers with same DNS address and TLS, subjectAltName extension
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Next by Date: Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Index(es):
- Chronological
- Thread