Antw: openldap database replication and multiple hosts TLScertificates question
Hi!
See my message on the same subject a few weeks ago: Use the same path to store different server certificates and server keys. So every server points to the same file, but the files are not the same. It works...
Maybe for the developers: Wouldn't it make sense to allow a server certificate (and key) path depending on the server ID (i.e.: allow multiple server certificates (and keys))?
Regards,
Ulrich
>>> "lux-integ" <lux-integ@btconnect.com> wrote on 21.11.2013 at 12:11 in
message <201311211111.15669.lux-integ@btconnect.com>:
> Greetings,
>
> I am learning to configure/use openldap. I have a question regarding
> database replication. I have a primary openldap server. I prepared/installed
> openssl certificates for the server, and the slapd.conf has these lines
>
> #--- Define SSL and TLS properties
> TLSCertificateFile /etc/certs/ldap1stServerCert.pem
> TLSCertificateKeyFile /etc/certs/ldap1stServerKey.pem
> TLSCACertificateFile /etc/certs/cacert.pem
> #---if client authentication is/isNOT required
> TLSVerifyClient demand
>
> I want to replicate the database over two other hosts. Call these 2ndServer
> and 3rdserver. Both of these computers ALSO have ssl certificates in
> /etc/certs like so:-
>
> #### in 2nd ldap host
> /etc/certs/ldap2ndServerCert.pem
> /etc/certs/ldap2ndServerKey.pem
> /etc/certs/cacert.pem
>
>
> #### in 3rd ldap host
> /etc/certs/ldap3rdServerCert.pem
> /etc/certs/ldap3rdServerKey.pem
> /etc/certs/cacert.pem
>
>
> As regards these certificates (the fact that they are not the same), I would
> like to know what happens when I try to do replication. I am following the
> guides
> 18.3.1.1. Syncrepl configuration (
> http://www.openldap.org/doc/admin24/replication.html )
> and
> 18.3.2. Delta-syncrepl ( also from
> http://www.openldap.org/doc/admin24/replication.html )
>
> ( In other words, is it best to remove the certificates and install after
> replication or whatever. )
>
> Thanks in advance
>
> sincerely
> LuxInteg