Hi, Julien;

I had almost the same question a few months back. It was recommended to me to use wildcard certificates. Though my configuration is a Multi-Master and not a true master/slave.

John

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Julien Courtès
Sent: Wednesday, March 12, 2014 11:58 AM
To: openldap-technical@openldap.org
Subject: TLS with multiple LDAP servers

Hi,

I have two LDAP servers in master-slave:

ldap1.domain.com - master
ldap2.domain.com - slave

These servers got different IP addresses and are hosted on different servers, but I want to enable TLS connection with clients.

So can I create a unique certificate that I put on both servers, and the client will use one unique certificate to connect to server "ldap1" or "ldap2" if the first one is down? If not, how should I do?

I did a search and I found that I can use subjectAltNames or wildcard certificate.

Thanks
Julien Courtès
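The thread asks whether one certificate can serve both ldap1.domain.com and ldap2.domain.com and whether subjectAltNames or a wildcard is the way to do it. What decides that is the hostname check a TLS client performs against the certificate it receives, so the following added example (written for this page, not code from the OpenLDAP project or from either poster) implements that check the way RFC 6125 describes it and runs it against three constructed stand-ins for a certificate's subject CN and SAN dNSName fields: one listing both hosts as SANs, one wildcard for the whole domain, and one with a CN only. The `cert` dictionaries and the helper names are assumptions made for the example.

```python
"""Hostname matching as a TLS client does it against a server certificate.

Added example, not from the OpenLDAP project or the mailing-list posters.
The certificate dictionaries below are constructed stand-ins: "cn" is the
subject CommonName, "san" the list of subjectAltName dNSName entries.
"""


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is ignored.
    return name.rstrip(".").lower()


def _pattern_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN value against a hostname (RFC 6125 section 6.4.3).

    A wildcard is only honoured when it is the entire left-most label
    ("*.domain.com"), it matches exactly one label, and the pattern must
    keep at least two literal labels so "*.com" style patterns are refused.
    """
    pattern = _normalize(pattern)
    hostname = _normalize(hostname)
    if "*" not in pattern:
        return pattern == hostname
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    if plabels[0] != "*" or len(plabels) < 3:
        return False
    if any("*" in label for label in plabels[1:]):
        return False
    # "*.domain.com" covers "ldap1.domain.com" but not "a.b.domain.com"
    # (different label count) and not "domain.com" itself.
    if len(hlabels) != len(plabels):
        return False
    return hlabels[1:] == plabels[1:]


def hostname_matches(san_dns_names, hostname: str) -> bool:
    """True if any dNSName SAN entry matches the hostname the client dialled."""
    return any(_pattern_matches(p, hostname) for p in san_dns_names)


def cert_covers(cert: dict, hostname: str) -> bool:
    """Decide whether a client connecting to `hostname` accepts `cert`.

    Once any dNSName SAN is present the subject CN is ignored (RFC 6125
    section 6.4.4), so a CN of ldap1 with a SAN listing only ldap2 fails
    for ldap1. The CN is consulted only when there are no SANs at all.
    """
    if cert.get("san"):
        return hostname_matches(cert["san"], hostname)
    return _pattern_matches(cert["cn"], hostname)


def hosts_accepted(cert: dict, candidates) -> list:
    """Which of the candidate hostnames this certificate would be accepted for."""
    return [h for h in candidates if cert_covers(cert, h)]


# Constructed certificates for the two servers in the thread.
SAN_CERT = {"cn": "ldap1.domain.com",
            "san": ["ldap1.domain.com", "ldap2.domain.com"]}
WILDCARD_CERT = {"cn": "*.domain.com", "san": ["*.domain.com"]}
CN_ONLY_CERT = {"cn": "ldap1.domain.com", "san": []}

# Hostnames a client might dial; the last one is not an LDAP server at all.
CANDIDATES = ["ldap1.domain.com", "ldap2.domain.com",
              "domain.com", "unrelated.domain.com", "a.ldap1.domain.com"]

if __name__ == "__main__":
    for label, cert in (("SAN cert", SAN_CERT),
                        ("wildcard cert", WILDCARD_CERT),
                        ("CN-only cert", CN_ONLY_CERT)):
        print(f"{label:14s} accepted for: {hosts_accepted(cert, CANDIDATES)}")
```

Running it shows the difference that matters for the question: the SAN certificate is accepted for exactly ldap1 and ldap2, the wildcard is accepted for those two and also for any other single-label name under domain.com, and the CN-only certificate works for ldap1 alone. Either of the first two answers Julien's failover requirement with one certificate; the SAN form limits what the shared private key can impersonate if one of the two hosts is compromised, which is the usual reason to prefer it over the wildcard when the key is deliberately duplicated across machines.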