[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secure Replication in a Redundant System

--On Tuesday, August 17, 2004 6:28 PM +0800 Louis Casambre <rldpmddm@info.com.ph> wrote:

Hi all,

I've been working on putting together a secure LDAP system with multiple
slaves for redundancy. So far so good, we now have 1 master and 3 slaves
with their clients capable of querying any of them using TLS and

Now I'd like use a DNS entry like ldap.mydomain.com so that the load will
"evenly" distribute among them.  My problem is that would I have to change
the SSL certificates to match their generic FQDN, but then how would I
refer to them for replication?

You could simply use SASL/Kerberos for the replication, which will be secure as well, rather than SSL for that bit.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html