
Multiple ldap servers, ssl, and dns round robin?



Hiya,

I have 4 ldap servers that I would like to put in a 
dns round robin for performance reasons. 

ldap1.xpedite.com
ldap2.xpedite.com
ldap3.xpedite.com
ldap4.xpedite.com

I would like to use the name "ldap.xpedite.com"
as the dns round robin name. 

ldap1 is the master ldap server and the rest are replicas. 
They currently replicate using ssl, which I need to keep. 

The ssl certificates were generated using a FQDN. 
Example: ldaptest1.xpedite.com

Replication via ssl works great and ssl transactions to each 
server individually using their real FQDN work well. When I 
attempt to access the round robin as ldap.xpedite.com, ssl
transactions refuse to work. I realize that it is failing 
because the cert is generated for the FQDN of the individual
server, not the round robin name (ldap.xpedite.com). 
Is there a way I can give a server multiple names in a cert
such as ldap1, ldap1.xpedite.com, ldap.xpedite.com, ldap, IP Addr, etc.,
so the client will accept the cert if it is called by
ldap1.xpedite.com or ldap.xpedite.com, etc.? 
Some sort of aliasing in ssl certs, perhaps? 
I am using openssl to generate and self-sign the ssl certificates.

Thanks for any assistance you can offer. 

Mike
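The aliasing Mike is asking about exists in X.509 as the subjectAltName (SAN) extension: one certificate can carry several DNS names and IP addresses, and a client compares the host it dialled against every SAN entry (modern clients ignore the CN once a SAN is present). The script below is an added example, not part of the original post or the list reply: it builds an OpenSSL config for one replica that lists its own FQDN, its short name, the shared round-robin name ldap.xpedite.com and its IP, self-signs a certificate from it the way the post describes, and then checks that the cert verifies under each name. The host names are the ones from the post; the IP 192.0.2.11, the key size, the hash and the validity period are assumptions. Run it once per server (ldap1 through ldap4), so each server presents a cert for its own name plus ldap.xpedite.com.

```shell
#!/bin/sh
# Self-signed server cert with several names via subjectAltName.
# Added example for the thread above; hostnames are from the post,
# the IP address and key parameters are assumed.
set -e

# Write an OpenSSL request config for one server.
# $1 = config path, $2 = server FQDN, $3 = server IP, $4 = round-robin name
make_san_config() {
  short=$(printf '%s' "$2" | cut -d. -f1)       # ldap1.xpedite.com -> ldap1
  rrshort=$(printf '%s' "$4" | cut -d. -f1)     # ldap.xpedite.com  -> ldap
  cat > "$1" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_server
prompt             = no

[ dn ]
CN = $2

[ v3_server ]
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = $2
DNS.2 = $4
DNS.3 = $short
DNS.4 = $rrshort
IP.1  = $3
EOF
}

# Generate key + self-signed cert for one replica.
# $1 = output dir, $2 = server FQDN, $3 = server IP, $4 = round-robin name
gen_cert() {
  make_san_config "$1/san.cnf" "$2" "$3" "$4"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$1/server.key" -out "$1/server.crt" \
    -config "$1/san.cnf" >/dev/null 2>&1
}

# Succeeds if the SAN extension of $1 lists $2
# (e.g. "DNS:ldap.xpedite.com" or "IP Address:192.0.2.11").
cert_has_san() {
  openssl x509 -in "$1" -noout -text | grep -q "$2"
}

# Succeeds if OpenSSL accepts cert $1 for host name $2, trusting the
# cert itself as anchor (what a client that pins the self-signed cert does).
check_hostname() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# Stand-alone run: build ldap1's cert and show the names it carries.
if [ "${0##*/}" = "san-cert.sh" ]; then
  out=$(mktemp -d)
  gen_cert "$out" ldap1.xpedite.com 192.0.2.11 ldap.xpedite.com
  openssl x509 -in "$out/server.crt" -noout -subject -ext subjectAltName
fi
```

The CN still names the individual server, so a client that only looks at the CN keeps working when it uses the real FQDN; clients that honour SANs also accept the round-robin name and the bare short names. Each server must get its own key pair and cert; do not copy ldap1's cert to the replicas. Since these are self-signed, every client (and each replication partner) has to be told to trust the specific cert, otherwise the name match never gets evaluated.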