[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl over TLS for mirrormode

To: daniel@up247solution.com, openldap-technical@openldap.org
Subject: Re: Syncrepl over TLS for mirrormode
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Fri, 26 Aug 2011 13:05:20 -0700
Content-disposition: inline
In-reply-to: <4E57F8B0.2060003@up247solution.com>
References: <4E57F8B0.2060003@up247solution.com>

--On Friday, August 26, 2011 3:49 PM -0400 Daniel Qian<daniel@up247solution.com> wrote:

I can set two different certificates so that TLS is fine for sync between
the two nodes. However we will have regular Ldap client access these two
nodes behind a loadbalancer over TLS too. Obviously the client can't
connect with ldap-sid2.example.com, nor with ldap-sid1.example.com. So
what is the solution to this scenario? Setup a pool of consumers with
same hostname?


Set "subjectAltName" in your certs requests.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Syncrepl over TLS for mirrormode
  - From: Daniel Qian <daniel@up247solution.com>

Prev by Date: Syncrepl over TLS for mirrormode
Next by Date: Re: Syncrepl over TLS for mirrormode
Index(es):
- Chronological
- Thread