The three servers in the LB pool can share one certificate. When you
create the CSR for the certificate, you can specify ldapserver1,
ldapserver2 & ldapserver3 for the subjectAltName field. Google
"subjectAltName" and you should be able to find a lot of
information on how to do that.
On 11-09-11 2:48 PM, pradyumna dash wrote:
Guys,
Please suggest!!
Regards,
Neo
On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
This is the setup I would like to have.
                LDAP clients
   _____________|___________________
  | __________LoadBalancer1_________ |
  |                |                 |
ldapserver1   ldapserver2   ldapserver3
My challenge is I never did this kind of architecture before, so I would like to know, from the LB perspective, how to configure it.
Say, do I have to create a DNS FQDN, e.g. "ldapserver.example.com", and then use this as a floating IP/hostname for the 3 ldapservers
in the backend? Or what should be done? The network team will do the setup but I need to tell them what to do. My next question
would be: I would like to configure LDAPS, so how do I create the certificate? I mean, what do I provide in the common name, or how do I create a
certificate which can be shared across the servers? I am using "openssl". I am using SLES 11 (SP1) and the setup would be a Multi-Master
replication.
Please help.
Regards,
Neo
On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
Thanks for the suggestion, but I never did it before; if
you can share a doc or something, that would be great.
I use openssl to generate the certificate, so I don't even
know how to configure subjectAltNames. Also,
if you can explain a bit how I should proceed, it
would be appreciated.
Example: ldap1.example.com
ldap2.example.com
So in the load balancer, what to configure and how to
create the certificate.
Please help.
Regards,
Pradyumna
On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
I would like to set up OpenLDAP Master-Master replication. Before that I
would like to know something more about it, because I
never implemented the same.
Suppose I have 2 servers, ldap1.example.com and ldap2.example.com.
I will configure M-M replication with LDAPS. In this scenario, how should my
architecture be? Do I need to keep it behind the load balancer, or
what are the steps to do it?
How will the client come to know if one of the servers is down, so that it
will talk to the other server? Because in my ldap.conf file I will have a
single URI/host entry pointing to one of the servers. And also,
how to create the certificate: do I need 2 individual certificates, 1 for
ldap1 and 1 for ldap2?
I would suggest a cert for ldap1 and ldap2,
both having subjectAltNames for a load
balanced name too, so clients can work
directly with the servers and directly with
the LB name.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
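The subjectAltName approach suggested in this thread, as an added example that is not part of the original messages: shell functions that generate one key and CSR covering the load-balanced name and each backend server. The function names, file names and example.com hostnames are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build a CSR whose subjectAltName lists the load-balanced
# name plus every backend server. All hostnames below are placeholders.

# make_ldap_csr OUTDIR CN [SAN...]
# Writes OUTDIR/ldap.key (private key) and OUTDIR/ldap.csr (request).
make_ldap_csr() {
    outdir=$1; cn=$2; shift 2
    # Repeat the CN as a SAN: once a certificate carries DNS SANs,
    # hostname checks use those entries instead of the CN.
    sans="DNS:$cn"
    for name in "$@"; do sans="$sans,DNS:$name"; done

    cat > "$outdir/ldap-csr.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $cn

[ v3_req ]
subjectAltName = $sans
EOF
    # umask keeps the key unreadable to other users; -nodes leaves it
    # unencrypted so the server can start without a passphrase prompt.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -config "$outdir/ldap-csr.cnf" \
          -keyout "$outdir/ldap.key" -out "$outdir/ldap.csr" 2>/dev/null )
}

# csr_sans CSRFILE: print the DNS names in the request, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^, ]*' | cut -d: -f2
}

# Constructed sample run with placeholder names.
workdir=$(mktemp -d)
make_ldap_csr "$workdir" ldapserver.example.com \
    ldapserver1.example.com ldapserver2.example.com ldapserver3.example.com
csr_sans "$workdir/ldap.csr"
```

Inspect the issued certificate the same way (openssl x509 -in CERT -noout -text), because a CA is not obliged to copy the extensions requested in the CSR.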