--On Tuesday, April 29, 2008 2:57 PM -0700 Howard Chu hyc@symas.com wrote:
Hm, that sounds like a lot of work, and a bit too indirect. If the only necessary selection criteria is the listener, then that should be used explicitly. One thing that we've often talked about is why the listener isn't part of the config data, instead of only supplied on the command-line...
I'm also skeptical about the motivation for this discussion. If you have separate certs from separate CAs, then you really have distinct security domains so I don't understand why you need them to share databases. You might as well just run separate slapds.
Multiple addresses from different domains on a given interface come to mind, where the database is particularly large, so you don't want to have multiple slapd's taking up the resources. That way each address could be secured via SSL, but access the same DB with a single slapd. Say, for example, x.google.org and y.google.com.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration