30 messages in org.openldap.openldap-softwareRe: failover config: servers with sam...| From | Sent On | Attachments |
|---|---|---|
| Emmanuel Dreyfus | Jul 23, 2007 6:50 am | |
| Quanah Gibson-Mount | Jul 23, 2007 11:01 am | |
| Emmanuel Dreyfus | Jul 23, 2007 1:09 pm | |
| Quanah Gibson-Mount | Jul 23, 2007 1:18 pm | |
| Russ Allbery | Jul 23, 2007 4:35 pm | |
| Christopher Cowart | Jul 23, 2007 7:40 pm | |
| Howard Chu | Jul 23, 2007 9:58 pm | |
| Emmanuel Dreyfus | Jul 24, 2007 1:02 am | |
| Howard Chu | Jul 24, 2007 1:54 am | |
| Emmanuel Dreyfus | Jul 24, 2007 12:18 pm | |
| Quanah Gibson-Mount | Jul 25, 2007 8:52 am | |
| Emmanuel Dreyfus | Jul 25, 2007 9:06 am | |
| Quanah Gibson-Mount | Jul 25, 2007 9:47 am | |
| Michael Ströder | Jul 25, 2007 9:53 am | |
| Emmanuel Dreyfus | Jul 25, 2007 10:36 am | |
| Quanah Gibson-Mount | Jul 25, 2007 10:46 am | |
| Howard Chu | Jul 25, 2007 2:31 pm | |
| Michael Ströder | Jul 25, 2007 2:38 pm | |
| Howard Chu | Jul 25, 2007 2:44 pm | |
| Russ Allbery | Jul 25, 2007 2:45 pm | |
| Norman Gaywood | Jul 25, 2007 3:04 pm | |
| Emmanuel Dreyfus | Jul 25, 2007 8:30 pm | |
| Emmanuel Dreyfus | Jul 25, 2007 8:31 pm | |
| Howard Chu | Jul 25, 2007 11:17 pm | |
| Ralf Haferkamp | Jul 26, 2007 1:27 am | |
| Emmanuel Dreyfus | Jul 26, 2007 4:04 am | |
| Emmanuel Dreyfus | Jul 26, 2007 4:04 am | |
| Donn Cave | Jul 26, 2007 9:38 am | |
| Ralf Haferkamp | Jul 26, 2007 11:46 am | |
| Howard Chu | Jul 27, 2007 2:13 am |
| Subject: | Re: failover config: servers with same DNS address and TLS, subjectAltName extension | |
|---|---|---|
| From: | Quanah Gibson-Mount (qua...@zimbra.com) | |
| Date: | Jul 23, 2007 11:01:16 am | |
| List: | org.openldap.openldap-software | |
--On July 23, 2007 1:51:19 PM +0000 Emmanuel Dreyfus <ma...@netbsd.org> wrote:
For future reference, here is what I had to do to get multiple LDAP servers answering on the same DNS address and using TLS.
The clients have this in ldap.conf: BASE dc=example,dc=net TLS_CACERT /etc/openssl/certs/ca.crt URI ldaps://ldap.example.net:636 TLS_REQCERT demand # Cannot get this working! # TLS_CRLCHECK peer
Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.
4) Having this working with syncrepl
4.1) On the syncrepl consumer (srv1 and srv2), in slapd.conf: syncrepl rid=24 type=refreshAndPersist searchbase="dc=example,dc=net" starttls=critical bindmethod=sasl saslmech=EXTERNAL retry=3,1,10,2,60,+
Make sure rid is different on srv1 and srv2.
RID only needs to be unique inside a single configuration (i.e., for a single slapd instance). Both your replicas could use the same RID.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
-------------------- Zimbra :: the leader in open source messaging and collaboration