[Date Prev][Date Next]
Re: certificate warnings
On Tue, 16 Mar 2010, Brett @Google wrote:
A hack might be to add the "external" name to /etc/hosts on each
syncrepl client with the correct ip for each syncrepl server, but was
hoping for something better.
Proper answers for the scenario you set out have already been discussed,
but on this "change the scenario" front, I might also suggest connecting
to the external name on the external IP. Of course you'll eat some switch
resources and might need to consider your topology/ACLs (for both OpenLDAP
and the network) to keep things secure, but that's all one-time
investment. Once completed, your current and future consumers enjoy a
config that makes a lot more sense to the human eye moving forward.