Re: load balancer with SSL
On Thu, 19 Oct 2006, Howard Chu wrote:
> April 2003 was the date the patch went into HEAD. It may have gone into a
> public release at a much later date, I didn't bother to check. The 2.2.x
> release series was moved to Historic status quite a while ago; if you're
> using something that old you're on your own. Nobody on the Project cares
> about what may or may not be true of dead code. You can compare the CVS logs
> if you want to know, but if you expect to get help from this mailing list you
> should use a current version of the code.

Nonetheless, in order to maintain support from the paid-for vendor (as
*politically* required) some of us do maintain systems with this and even older
openldap versions. Unfortunately some of us live in worlds where what we
should do and what we are required to do diverge. Perhaps a mailing list
for historic version support might be an idea?

At any rate I can say that load balancers with SSL do work even on 2.0.27
(as that is what our current cluster of ldap servers are).

When you create the certificate simply make the hostname in the cert the
hostname of the cluster IP for your load balancer, then add the real server
name as the subjectAltName of the certificate. This will allow you to
replicate over SSL to the real server name (on the private network) and
still query the cluster hostname with SSL and not get certificate errors.

Jeremiah, if you still have problems, send me privately the output from an
ldap search using the command line

    ldapsearch -Z -d1 ...(rest of your options)...

This should help in determining what the issue with SSL is.

Regards
James
--
James Bourne, Senior Systems Administrator
Mount Royal College, Calgary, AB, CA
www.mtroyal.ca
"There are only 10 types of people in this world: those who
understand binary and those who don't."
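
An added example, not part of the original message: a shell sketch that issues a throwaway self-signed certificate laid out as the post describes (cluster hostname as the CN, real server name in subjectAltName) and checks both names with OpenSSL's own hostname check. It goes one step beyond the post by also issuing a variant with both names in subjectAltName, because verifiers that follow RFC 6125, OpenSSL's `-checkhost` among them, ignore the CN once a DNS subjectAltName is present. The hostnames and the helper names `make_cert` and `name_ok` are constructed for illustration.

```shell
#!/bin/sh
# Constructed placeholder names, not taken from the original post.
CLUSTER=ldap.example.com          # name clients query (load balancer VIP)
REAL=ldap1.internal.example.com   # real server name on the private network

# make_cert <outdir> <subjectAltName value>
# Writes a throwaway self-signed key/cert pair with CN=$CLUSTER.
make_cert() {
    dir=$1; san=$2
    mkdir -p "$dir"
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $CLUSTER
[ext]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# name_ok <cert> <hostname>: succeeds if OpenSSL's hostname check accepts it.
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

work=$(mktemp -d)
make_cert "$work/cn-only" "DNS:$REAL"              # layout from the post
make_cert "$work/both"    "DNS:$CLUSTER,DNS:$REAL" # both names in the SAN
for c in cn-only both; do
    for h in "$CLUSTER" "$REAL"; do
        if name_ok "$work/$c/cert.pem" "$h"; then r=match; else r="NO match"; fi
        echo "$c: $h -> $r"
    done
done
rm -rf "$work"
```

Clients that fall back to the CN after checking subjectAltName accept the first layout; strict RFC 6125 clients need the second.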