Re: certificate warnings

On Tue, 16 Mar 2010, Brett @Google wrote:

> A hack might be to add the "external" name to /etc/hosts on each syncrepl client with the correct IP for each syncrepl server, but was hoping for something better.

Proper answers for the scenario you set out have already been discussed, but on this "change the scenario" front, I might also suggest connecting to the external name on the external IP. Of course you'll eat some switch resources and might need to consider your topology/ACLs (for both OpenLDAP and the network) to keep things secure, but that's all a one-time investment. Once completed, your current and future consumers enjoy a config that makes a lot more sense to the human eye moving forward.