[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secure Replication in a Redundant System

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Secure Replication in a Redundant System
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 17 Aug 2004 08:55:25 -0700
Content-disposition: inline
In-reply-to: <ENEMJAOCIPGCLIIINDHIIEPKCAAA.rldpmddm@info.com.ph>
References: <ENEMJAOCIPGCLIIINDHIIEPKCAAA.rldpmddm@info.com.ph>

--On Tuesday, August 17, 2004 6:28 PM +0800 Louis Casambre <rldpmddm@info.com.ph> wrote:

Hi all,

I've been working on putting together a secure LDAP system with multiple
slaves for redundancy. So far so good, we now have 1 master and 3 slaves
with their clients capable of querying any of them using TLS and
SASL/Kerberos.

Now I'd like use a DNS entry like ldap.mydomain.com so that the load will
"evenly" distribute among them.  My problem is that would I have to change
the SSL certificates to match their generic FQDN, but then how would I
refer to them for replication?

You could simply use SASL/Kerberos for the replication, which will be secure as well, rather than SSL for that bit.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- RE: Secure Replication in a Redundant System
  - From: "Jeff Saxton" <jsaxton@addamark.com>

References:
- Secure Replication in a Redundant System
  - From: "Louis Casambre" <rldpmddm@info.com.ph>

Prev by Date: Re: Secure Replication in a Redundant System
Next by Date: Re: Search filter
Index(es):
- Chronological
- Thread