[Date Prev][Date Next]
Re: failover config: servers with same DNS address and TLS, subjectAltName extension
--On July 23, 2007 1:51:19 PM +0000 Emmanuel Dreyfus <firstname.lastname@example.org>
For future reference, here is what I had to do to get multiple LDAP
servers answering on the same DNS address and using TLS.
The clients have this in ldap.conf:
# Cannot get this working!
# TLS_CRLCHECK peer
Just note that using SSL over port 636 is not a defined protocol, and may
go away in the future. Avoidance of its use when possible recommended.
4) Having this working with syncrepl
4.1) On the syncrepl consumer (srv1 and srv2), in slapd.conf:
Make sure rid is different on srv1 and srv2.
RID only needs to be unique inside a single configuration (i.e., for a
single slapd instance). Both your replicas could use the same RID.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration