RE: Secure Replication in a Redundant System
I can help you with the SSL bit, having just figured it out myself.
In your openssl.cnf add the following in the [usr_cert] section:
Now you can generate certificates for the correct hostname of the servers,
and they will also work with ldap.mycompany.com: use the correct hostname
for replication and have clients make their requests to ldap.mycompany.com.
Be sure to point your ldap.conf on the clients to the correct CA cert
for this to work.
If you still have problems contact me off the list.
Sr. Support Engineer
Addamark Technologies, Inc.
CELL: +1 415-640-6392
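As an added example (not part of the original post), the check below verifies that a certificate's subjectAltName dNSName entries cover both the server's real hostname and the shared service alias, so replication peers and clients both pass name verification. The host names are constructed, and the matching rules are a simplified form of RFC 6125 dNSName matching (assumed here, not quoted from the thread).

```python
"""Check that one server certificate's subjectAltName list covers every
name that clients and replication peers will connect with.

Added example, not code from the original thread. Host names are
constructed. Matching rules (simplified RFC 6125): case-insensitive
labels, a wildcard only as the leftmost label matching exactly one
label, and no fallback to the certificate's CN field.
"""
import re

LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot denotes the root.
    return name.strip().rstrip(".").lower()


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if the SAN dNSName entry `pattern` matches `hostname`."""
    pattern, hostname = _normalize(pattern), _normalize(hostname)
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if not all(LABEL_RE.match(label) for label in h_labels):
        return False  # malformed hostname never matches
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, not several
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_names(san_dns_names, required_hosts):
    """Return the required host names that no SAN entry matches."""
    return [h for h in required_hosts
            if not any(dns_name_matches(p, h) for p in san_dns_names)]


if __name__ == "__main__":
    # Constructed: one slave's real name plus the shared service alias.
    san = ["ldap2.mycompany.com", "ldap.mycompany.com"]
    needed = ["ldap2.mycompany.com", "ldap.mycompany.com",
              "ldap3.mycompany.com"]
    print(uncovered_names(san, needed))  # ['ldap3.mycompany.com']
```

Each server's certificate should yield an empty list for its own hostname plus the alias; any name reported here is one that TLS clients will reject.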
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Quanah
Sent: Tuesday, August 17, 2004 8:55 AM
Subject: Re: Secure Replication in a Redundant System
--On Tuesday, August 17, 2004 6:28 PM +0800 Louis Casambre
> Hi all,
> I've been working on putting together a secure LDAP system with
> multiple slaves for redundancy. So far so good, we now have 1 master
> and 3 slaves with their clients capable of querying any of them using
> TLS and SASL/Kerberos.
> Now I'd like to use a DNS entry like ldap.mydomain.com so that the load
> will "evenly" distribute among them. My problem is that I would have
> to change the SSL certificates to match their generic FQDN, but then
> how would I refer to them for replication?
You could simply use SASL/Kerberos for the replication, which will be
secure as well, rather than SSL for that bit.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html