[Date Prev][Date Next] [Chronological] [Thread] [Top]

Syncrepl over TLS for mirrormode

To: openldap-technical@openldap.org
Subject: Syncrepl over TLS for mirrormode
From: Daniel Qian <daniel@up247solution.com>
Date: Fri, 26 Aug 2011 15:49:04 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110812 Thunderbird/6.0

From the openldap website the two nodes have to use different URLs like below:

       syncrepl      rid=001
                     provider=ldap://ldap-sid2.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"
and 
       syncrepl      rid=001
                     provider=ldap://ldap-sid1.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"

I can set two different certificates so that TLS is fine for sync between the two nodes. However we will have regular Ldap client access these two nodes behind a loadbalancer over TLS too. Obviously the client can't connect with ldap-sid2.example.com, nor with ldap-sid1.example.com. So what is the solution to this scenario? Setup a pool of consumers with same hostname?

Thanks,
Daniel

Follow-Ups:
- Re: Syncrepl over TLS for mirrormode
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Syncrepl over TLS for mirrormode
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

Prev by Date: Re: syncrepl consumer(with delta replication configuration) skipping updates
Next by Date: Re: Syncrepl over TLS for mirrormode
Index(es):
- Chronological
- Thread