[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: OpenLDAP In A 'Heartbeat' Cluster

>>>>> "Tim" == Tim Robbins <Tim.Robbins@ChoicePointPRG.net> writes:

    Tim> I am currently running OpenLDAP and replicating successfully
    Tim> from node 'A' to node 'B'.  I have installed the HA-Linux
    Tim> "heartbeat" cluster SW and successfully and fail over my
    Tim> logical IP address.  I am using TLS and can reach both nodes
    Tim> successfully using GQ with TLS enabled.  When I try and
    Tim> connect to the logical node, it errors saying that hostname
    Tim> does not match.  I have generated a seperate certifcate using
    Tim> the logical name and appended it to the cert file that is
    Tim> loaded in the slapd.conf.

    Tim> Is there anything else I have missed with regards to my
    Tim> configuration?

No. This is 'expected' behaviour... If you have the same cert on both
hosts, say it's for host 'ldap.domain.tld', then as long as you're 
refering to the LDAP server as 'ldap.domain.tld' is ok. But when you're
trying to reference the hosts individually ('ldap1.domain.tld' and/or
'ldap2.domain.tld' for example), then naturaly the FQDN of the cert
won't match...

It should be possible to add 'alias' (or additional CN entries) in a
cert, but I never managed to figure out how to do that...