
Re: Q: OpenLDAP In A 'Heartbeat' Cluster



>>>>> "Tim" == Tim Robbins <Tim.Robbins@ChoicePointPRG.net> writes:

    Tim> I am currently running OpenLDAP and replicating successfully
    Tim> from node 'A' to node 'B'.  I have installed the HA-Linux
    Tim> "heartbeat" cluster SW and can successfully fail over my
    Tim> logical IP address.  I am using TLS and can reach both nodes
    Tim> successfully using GQ with TLS enabled.  When I try and
    Tim> connect to the logical node, it errors saying that the hostname
    Tim> does not match.  I have generated a separate certificate using
    Tim> the logical name and appended it to the cert file that is
    Tim> loaded in the slapd.conf.

    Tim> Is there anything else I have missed with regards to my
    Tim> configuration?

No. This is 'expected' behaviour... If you have the same cert on both
hosts, say it's for host 'ldap.domain.tld', then as long as you're
referring to the LDAP server as 'ldap.domain.tld' it's ok. But when you're
trying to reference the hosts individually ('ldap1.domain.tld' and/or
'ldap2.domain.tld' for example), then naturally the FQDN of the cert
won't match...

It should be possible to add 'alias' (or additional CN entries) in a
cert, but I never managed to figure out how to do that...
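Added example, not part of the thread: the 'alias' the reply is looking for is the X.509 subjectAltName extension, and a TLS server presents one end-entity certificate per connection, so the logical name and the node names all have to be inside that single certificate rather than appended as a second one. The code below does the hostname check a TLS client performs, on the same dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the two certificates are constructed samples using the hostnames from the thread.

```python
"""Client-side TLS hostname matching (RFC 6125 style) on getpeercert() dicts."""


def _name_matches(pattern: str, host: str) -> bool:
    """Match one DNS name from the cert against the requested host.
    A wildcard is accepted only as the entire leftmost label (*.domain.tld):
    it never matches the bare domain and never spans more than one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    h_parts = host.split(".")
    return len(h_parts) > 2 and ".".join(h_parts[1:]) == pattern[2:]


def cert_names(cert: dict) -> list[str]:
    """DNS names a client may match against. When the cert carries any DNS
    subjectAltName entries they are authoritative and the CN is ignored
    (RFC 6125 section 6.4.4); only a cert without DNS SANs falls back to CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, host: str) -> bool:
    """True if the requested host is covered by the certificate's names."""
    return any(_name_matches(name, host) for name in cert_names(cert))


# Constructed sample certificates (dict shape of ssl.SSLSocket.getpeercert()).
# NODE_ONLY_CERT is the situation in the thread: one CN for one physical node,
# so connecting through the logical cluster name fails the hostname check.
NODE_ONLY_CERT = {"subject": ((("commonName", "ldap1.domain.tld"),),)}

# CLUSTER_CERT lists the logical name and both nodes as SAN entries, so the
# same certificate verifies whichever address the client connects to.
CLUSTER_CERT = {
    "subject": ((("commonName", "ldap.domain.tld"),),),
    "subjectAltName": (("DNS", "ldap.domain.tld"),
                       ("DNS", "ldap1.domain.tld"),
                       ("DNS", "ldap2.domain.tld")),
}

if __name__ == "__main__":
    for host in ("ldap.domain.tld", "ldap1.domain.tld", "ldap2.domain.tld"):
        print(host, hostname_matches(NODE_ONLY_CERT, host), hostname_matches(CLUSTER_CERT, host))
```

With OpenSSL 1.1.1 or later such a certificate request can be produced with `openssl req ... -addext "subjectAltName=DNS:ldap.domain.tld,DNS:ldap1.domain.tld,DNS:ldap2.domain.tld"`.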