The subjectAltName should be a comma separated list of all the FQDNs
of your servers plus FQDN for the VIP as Chris just pointed out in
his reply.
On 11-09-11 3:28 PM, pradyumna dash wrote:
So I don't need to put the FQDN of the LB in the cert, right?
Please correct me if I am wrong. My client will point to the FQDN/IP of the LB, which will internally distribute the traffic across the 3 backend LDAP servers. I was just confused whether to keep the LB FQDN in the cert.
Regards,
Neo
On Sun, Sep 11, 2011 at 9:09 PM, Daniel Qian <daniel@up247solution.com> wrote:
The three servers in the LB pool can share one certificate. When you create the CSR for the certificate, you can specify ldapserver1, ldapserver2 & ldapserver3 for the subjectAltName field. Google "subjectAltName" and you should be able to find a lot of information on how to do that.
On 11-09-11 2:48 PM, pradyumna dash wrote:
Guys,
Please suggest!!
Regards,
Neo
On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
This is the setup I would like to have.
LDAP clients
_____________|___________________
| __________LoadBalancer1_________ |
| | |
ldapserver1 ldapserver2 ldapserver3
My challenge is I never did this kind of architecture before, so I would like to know, from the LB perspective, how to configure it. Say, do I have to create a DNS FQDN, e.g. "ldapserver.example.com", and then use this as a floating IP/hostname for the 3 ldapservers in the backend? Or what should be done? The network team will do the setup, but I need to tell them what to do. My next question: I would like to configure LDAPS, so how do I create the certificate? I mean, what to provide in the common name, or how to create a certificate which can be shared across the servers? I am using "openssl". I am using SLES 11 (SP1) and the setup would be a Multi-Master replication.
Please help.
Regards,
Neo
On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
Thanks for the suggestion, but I never did it before; if you can share a doc or something, that would be great.
I use openssl to generate the certificate, so I don't even know how to configure subjectAltNames. Also, if you can explain a bit how I should proceed, it would be appreciated.
Example: ldap1.example.com ldap2.example.com
So, in the load balancer, what to configure and how to create the certificate?
Please help.
Regards,
Pradyumna
On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,
I would like to set up OpenLDAP Master-Master replication. Before that, I would like to know something more about it, because I never implemented the same.
Suppose I have 2 servers, ldap1.example.com and ldap2.example.com. I will configure M-M replication with LDAPS. In this scenario, how should my architecture be? Do I need to keep it behind the load balancer, or what are the steps to do it?
How will the client come to know if any of the servers is down, so that it will talk to the other server? Because in my ldap.conf file I will have a single URI/host entry pointing to one of the servers. Also, how do I create the certificate? Do I need 2 individual certificates, 1 for ldap1 and 1 for ldap2?
I would suggest a cert for ldap1 and ldap2, both having subjectAltNames for a load balanced name too, so clients can work directly with the servers and directly with the LB name.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
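An added example, not part of the original thread: a shell sketch of what the replies describe, building one CSR whose subjectAltName lists the load-balancer name plus every backend, then checking that each name clients will connect to is present. The function names, file names and ldap3.example.com are assumptions made for illustration; ldapserver.example.com is the LB name from the original question.

```sh
#!/bin/sh
# Added example. File names and function names are assumptions.

# make_ldap_csr OUTDIR VIP_FQDN SERVER_FQDN...
# Writes ldap-san.cnf, ldap.key and ldap.csr into OUTDIR.
make_ldap_csr() {
    outdir=$1; vip=$2; shift 2
    san="DNS:$vip"                      # the name clients use via the LB
    for host in "$@"; do san="$san,DNS:$host"; done
    mkdir -p "$outdir" || return 1
    cat > "$outdir/ldap-san.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $vip
[ v3_req ]
subjectAltName = $san
EOF
    # One key shared by every server in the pool; keep it unreadable to others.
    ( umask 077; openssl genrsa -out "$outdir/ldap.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$outdir/ldap.key" \
        -config "$outdir/ldap-san.cnf" -out "$outdir/ldap.csr"
}

# csr_sans CSR: print the DNS names in the request, one per line, sorted.
csr_sans() {
    openssl req -in "$1" -noout -text |
        tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p' | sort
}

# csr_missing_names CSR NAME...: print each NAME that is not in the CSR.
csr_missing_names() {
    csr=$1; shift
    present=$(csr_sans "$csr")
    for name in "$@"; do
        printf '%s\n' "$present" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Demo with constructed host names.
demo_dir=$(mktemp -d)
make_ldap_csr "$demo_dir" ldapserver.example.com \
    ldap1.example.com ldap2.example.com ldap3.example.com
csr_sans "$demo_dir/ldap.csr"
```

Check the issued certificate the same way, since a CA does not necessarily carry the requested names into the certificate it signs.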