Re: failover config: servers with same DNS address and TLS, subjectAltName extension - Emmanuel Dreyfus - org.openldap.openldap-software

30 messages in org.openldap.openldap-softwareRe: failover config: servers with sam...

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: failover config: servers with same DNS address and TLS, subjectAltName extension	Actions...
From:	Emmanuel Dreyfus (ma...@netbsd.org)
Date:	Jul 23, 2007 1:09:10 pm
List:	org.openldap.openldap-software

Quanah Gibson-Mount <qua...@zimbra.com> wrote:

Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.

I have this in /etc/services: ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)

And checking the authoritative source confirms it's registered. http://www.iana.org/assignments/port-numbers

So what's wrong with LDAP/SSL over port 636?

Make sure rid is different on srv1 and srv2.

RID only needs to be unique inside a single configuration (i.e., for a single slapd instance). Both your replicas could use the same RID.

I wasn't aware, thank you for the comment.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: