[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: failover config: servers with same DNS address and TLS, subjectAltName extension



Quanah Gibson-Mount <quanah@zimbra.com> wrote:

> Just note that using SSL over port 636 is not a defined protocol, and may
> go away in the future.  Avoidance of its use when possible recommended.

I have this in /etc/services:
ldaps           636/tcp    ldap protocol over TLS/SSL (was sldap)

And checking the authoritative source confirms it's registered.  
http://www.iana.org/assignments/port-numbers
 
So what's wrong with LDAP/SSL over port 636?

> > Make sure rid is different on srv1 and srv2.
> RID only needs to be unique inside a single configuration (i.e., for a
> single slapd instance).  Both your replicas could use the same RID.

I wasn't aware, thank you for the comment.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org