Right now, we have two OpenLDAP servers running in Delta-syncrepl and talking fine. All the clients are connecting to the primary over port 636. The question is on the best (practices) way of getting the secondary server into the certificate without re-hashing all the clients to the failover server's certificate.
1) Should I set up a Wildcard certificate?
2) Should I put both systems in the "subjectAltName" line and create the certifiate, etc?
3) DNS Round-Robin?
Not 100% sure in which direction to go.
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420
Description: S/MIME cryptographic signature