Full_Name: Andreas Hasenack
Version: 2.1.29
OS: Linux 2.6.x
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.99)

I have a slapd.conf with two database definitions. Each one of these databases has a replogfile directive specifying different files and is replicated to a slave server. slapd has no problem with this: both replication log files are written correctly. slurpd, however, only monitors one file, probably the first replogfile directive it encounters while parsing the configuration file. This is unexpected.
changed notes
The workaround doesn't work for TLS because openldap can only serve one certificate. One cannot use two different names for the slave and only one certificate, because the common name won't match and the TLS connection will error.
Oops, wrong ITS, sorry.
andreas@conectiva.com.br wrote:
> The workaround doesn't work for TLS because openldap can only serve one certificate.
> One cannot use two different names for the slave and only one certificate, because
> the common name won't match and the TLS connection will error.

Then you must add subjectAltName extensions to your server certificate listing all the valid names for the server.

--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
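The subjectAltName approach suggested above, as an added example that is not part of the original thread or of OpenLDAP's tooling: it builds a certificate listing every name of the slave and checks each name against it with the openssl CLI. The two hostnames are constructed placeholders, and the certificate is self-signed only to keep the example self-contained.

```shell
#!/bin/sh
# Constructed placeholder names: the two names the slave is reached under.
NAMES="ldap-slave1.example.com ldap-slave2.example.com"

# make_san_cert DIR NAME...: write DIR/cert.pem whose subjectAltName lists every NAME.
make_san_cert() {
    dir=$1; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_matches CERT NAME: succeeds only if CERT is valid for hostname NAME.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# check_names CERT NAME...: report every NAME, fail if any is not covered.
check_names() {
    cert=$1; shift; rc=0
    for n in "$@"; do
        if cert_matches "$cert" "$n"; then echo "OK       $n"
        else echo "MISMATCH $n"; rc=1
        fi
    done
    return $rc
}

tmp=$(mktemp -d)
make_san_cert "$tmp" $NAMES && check_names "$tmp/cert.pem" $NAMES \
    || echo "certificate does not cover every name"
rm -rf "$tmp"
```

Running `check_names` against the certificate a server already presents shows which of its names a TLS client would reject before replication is pointed at them.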
On Mon, Jul 19, 2004 at 10:20:40AM -0700, Howard Chu wrote:
> andreas@conectiva.com.br wrote:
>
> > The workaround doesn't work for TLS because openldap can only serve one
> > certificate.
> > One cannot use two different names for the slave and only one certificate,
> > because
> > the common name won't match and the TLS connection will error.
>
> Then you must add subjectAltName extensions to your server certificate
> listing all the valid names for the server.

Hmm, I see...

There is really no intention of fixing this issue, is there? ;)
andreas@conectiva.com.br wrote:
> On Mon, Jul 19, 2004 at 10:20:40AM -0700, Howard Chu wrote:
> > > The workaround doesn't work for TLS because openldap can only serve one
> > > certificate.
> > > One cannot use two different names for the slave and only one certificate,
> > > because
> > > the common name won't match and the TLS connection will error.
> >
> > Then you must add subjectAltName extensions to your server certificate
> > listing all the valid names for the server.
>
> Hmm, I see...
>
> There is really no intention of fixing this issue, is there? ;)

None of the project developers has taken any interest in this issue, but you can always submit a patch that would be considered for incorporation.

--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
moved from Incoming to Software Enhancements
changed notes changed state Open to Closed
moved from Software Enhancements to Archive.Software Enhancements
dup of #1119