Re: multiple servers in DNS and TLS

--On Monday, July 16, 2007 3:04 PM +0200 Emmanuel Dreyfus <manu@netbsd.org> wrote:


> I hope this is not covered in a FAQ (I searched without success): how do
> I configure clients to query multiple LDAP servers while using TLS?
>
> Listing the servers in ldap.conf's URI works, but I'd prefer to have the
> server list stored in DNS, as it would allow adding a server without the
> need to change all clients' configuration.
>
> Having a rotative DNS for ldap.example.net causes the TLS checks to fail.
>
> And the OpenLDAP client library does not perform DNS SRV lookups.

OpenLDAP 2.4 will (just to note)

> Is there some kind of trick to get this done properly?

Use a cert with a correct subjectAltName, or a wildcard cert.
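As an added illustration (not code from this thread or from OpenLDAP), here is the hostname check a TLS client performs against a certificate's subjectAltName, run over the three certificate setups discussed above: one name per server, a SAN that also lists the shared round-robin name, and a wildcard cert. The replica names ldap1/ldap2.example.net and the wildcard matching rules are assumptions.

```python
# Added example: how a TLS client's hostname check treats the three
# certificate setups discussed in the thread. Assumes the client connects
# to the round-robin name ldap.example.net, which resolves to ldap1/ldap2.
# Matching follows the common rule that a single '*' is allowed only as
# the whole leftmost label of a dNSName (constructed sample data below).

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName entry (possibly a wildcard) covers hostname."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # The wildcard must be the entire leftmost label, must not span several
    # labels (*.example.net does not cover a.b.example.net) and must not be
    # a bare *.tld.
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]

def tls_hostname_ok(san_names: list[str], requested_host: str) -> bool:
    """The client's check: does any SAN entry match the name it connected to?"""
    return any(name_matches(n, requested_host) for n in san_names)

# Constructed sample subjectAltName contents for the two replicas.
CERTS = {
    # Per-server certs carrying only the server's own name: the shared
    # round-robin name never matches, whichever replica answers.
    "per-host": {"ldap1.example.net": ["ldap1.example.net"],
                 "ldap2.example.net": ["ldap2.example.net"]},
    # Per-server certs whose SAN also lists the shared name.
    "san":      {"ldap1.example.net": ["ldap1.example.net", "ldap.example.net"],
                 "ldap2.example.net": ["ldap2.example.net", "ldap.example.net"]},
    # One wildcard cert deployed on both replicas.
    "wildcard": {"ldap1.example.net": ["*.example.net"],
                 "ldap2.example.net": ["*.example.net"]},
}

def round_robin_outcome(setup: str, requested_host: str = "ldap.example.net") -> dict:
    """Which replicas pass the check when the client connects by the shared name."""
    return {server: tls_hostname_ok(san, requested_host)
            for server, san in CERTS[setup].items()}

if __name__ == "__main__":
    for setup in CERTS:
        print(setup, round_robin_outcome(setup))
```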


