[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need Help On Master-Master Replication Setup!!



Thank you so much, I will try it tomorrow in case of any issues will get back.

As suggested, I will put the FQDN of 3 LDAP servers and also the FQDN of the VIP in the cert and create it.

Once again thanks for all your help.

/Neo

On Sun, Sep 11, 2011 at 9:32 PM, Daniel Qian <daniel@up247solution.com> wrote:
The subjectAltName should be a comma separated list of all the FQDNs of your servers plus FQDN for the VIP as Chris just pointed out in his reply.


On 11-09-11 3:28 PM, pradyumna dash wrote:
So i dont need to put the FQDN of the LB in the cert, right ?

Please correct me if am wrong, My client will point to the FQDN/IP of the LB which will internally distribute the traffic across the 
3 backend LDAP servers, I was just confused whether to keep the LB FQDN in the cert.

Regards,
Neo

On Sun, Sep 11, 2011 at 9:09 PM, Daniel Qian <daniel@up247solution.com> wrote:
The three servers in the LB pool can share one certificate. When you create the CSR for the certificate, you can specify ldapserver1, ldapserver2 & ldapserver3 for the subjectAltName field. Google with "subjectAltName" you should be able to find a lot of information how to do that.


On 11-09-11 2:48 PM, pradyumna dash wrote:
Guys,

Please suggest !!

Regards,
Neo

On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,

This is the setup I would like to have.

                  LDAP clients
   _____________|___________________

 | __________LoadBalancer1_________  |

               |                 |               |
       ldapserver1  ldapserver2  ldapserver3

 My challange is I never did this kind of architecture before, So would like to know from LB prosepctive, How to configure  it like 
 say i have to create a DNS FQDN e.g "ldapserver.example.com" and then use this as a floating IP/hostname for the 3 ldapservers


 in the backend? or whats should be done? The network team will do the setup but i need to tell them what to do.  My next question
 would be i would like to configure LDAPS, so how to create the certificate i mean what to provide in common name or how to create a


 certificate which can be shared across the servers, am using "openssl" ? I am using SLES 11(SP1) and the setup wiould be a Multi-Master 
 replication.


  Please help.

 Regards,
 Neo

On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <neomatrixgem@gmail.com> wrote:
Hi,

Thanks for the suggestion, but i never did it before , if you can share a doc or something would be great.

I use the openssl to generate the certificate, so even i dont know how to configure subjectAltNames. Also if you can explain a bit how i should i proceed would be appreciated.

Example :  ldap1.example.com    ldap2.example.com

So in the load balancer what to configure and how to create the certificate.

Please help.

Regards,
Pradyumna


On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash <neomatrixgem@gmail.com> wrote:

Hi,


I would like to setup OpenLDAP Mater-Master replication, before that i
would like to know something more about it, because i
never implemented the same.


Suppose i have 2 servers    ldap1.example.com and ldap2.example.com


I will configure M-M replication with LDAPS, in this scenario how my
architecture should be? Do i need to keep it behind the loadbalancer or
what are the steps to do it?
How come the client will come to know if any of the server is down, it
will talk to the other server, because in my ldap.conf file i will have a
single URI/host entry 
pointing to one of the server and also how to create the certificate, do
i need 2 individiual certificate 1 for ldap1 and 1 for ldap2?

I would suggest a cert for ldap1 and ldap2, both with having subjectAltNames for a load balanced name too, so clients can work directly to the servers and directly with the LB name.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration