
SSL redundancy through an F5


Has anyone had any experience in getting multiple LDAP daemons to run SSL under an F5?

I'm using the "lowest" form of encryption - i.e., with no client-side verification. I only want to use a certificate and its key.

In "slapd.conf", I have the following directives:

TLSVerifyClient                 never
TLSCipherSuite                  HIGH:MEDIUM:SSLv2
TLSCertificateFile              /var/myca/ldapcert.pem
TLSCertificateKeyFile           /var/myca/ldapkey.pem

In "/etc/ldap.conf", I have "host" as "ldap-devel.coat.com", which points to an F5 pool (of the same name), which then distributes requests to two OpenLDAP daemons. The only ssl/tls directive activated in "/etc/ldap.conf" is "ssl on". I generated a new certificate with a common name of "ldap-devel.coat.com" for both OpenLDAP daemons and this didn't work. I initiate "slapd" with "-h ldap:/// ldaps:///". I don't want to supply multiple hosts in "/etc/ldap.conf".

My question may be more appropriate for another mailing list, but I thought I'd start here first. Thanks in advance for any advice.

Regards, Chris Lundell
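A client-side check for exactly this setup, added here as an example and not part of Chris's post: connect to each pool member directly (bypassing the F5), send the pool name as SNI, and confirm that the certificate each daemon presents covers the name the client actually uses. The member hostnames, the CA file path and the injectable fetch callback are assumptions; port 636 is the standard ldaps port.

```python
import socket
import ssl

POOL_NAME = "ldap-devel.coat.com"      # the "host" value clients use in /etc/ldap.conf
LDAPS_PORT = 636
CA_FILE = "/var/myca/cacert.pem"       # placeholder: CA that issued the slapd certs
# Placeholders: the real pool members are not named in the post.
POOL_MEMBERS = ["ldap1.example.internal", "ldap2.example.internal"]

def _name_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against one certificate DNS name, allowing a single
    leftmost wildcard label (*.coat.com covers ldap-devel.coat.com only)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        parts = hostname.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return False

def cert_names(cert: dict) -> list:
    """DNS names a certificate is valid for, in the dict shape returned by
    ssl.SSLSocket.getpeercert(): SAN dNSNames if present, else the subject CN."""
    sans = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]

def cert_covers(cert: dict, hostname: str) -> bool:
    return any(_name_matches(n, hostname) for n in cert_names(cert))

def fetch_cert(member: str, port: int = LDAPS_PORT) -> dict:
    """Fetch the leaf cert one member presents when addressed as the pool name.
    The chain is verified against CA_FILE; only the hostname check is disabled,
    so a mis-named cert is still returned and can be reported instead of failing."""
    ctx = ssl.create_default_context(cafile=CA_FILE)
    ctx.check_hostname = False
    with socket.create_connection((member, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=POOL_NAME) as tls:
            return tls.getpeercert()

def audit_pool(hostname: str, members: list, fetch=fetch_cert) -> dict:
    """Per member: does the presented certificate cover `hostname`?
    `fetch` is injectable so the matching logic can be checked offline."""
    return {m: cert_covers(fetch(m), hostname) for m in members}

if __name__ == "__main__":
    for member, ok in audit_pool(POOL_NAME, POOL_MEMBERS).items():
        print(f"{member}: {'covers' if ok else 'DOES NOT cover'} {POOL_NAME}")
```

Every member must report "covers"; a member that does not is the one clients will reject whenever the F5 sends them there.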