Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
Just note that using SSL over port 636 is not a defined protocol, and
may
go away in the future. Avoidance of its use when possible recommended.
I have this in /etc/services:
ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)
And checking the authoritative source confirms it's registered.
http://www.iana.org/assignments/port-numbers
So what's wrong with LDAP/SSL over port 636?
> Make sure rid is different on srv1 and srv2.
RID only needs to be unique inside a single configuration (i.e., for a
single slapd instance). Both your replicas could use the same RID.
I wasn't aware, thank you for the comment.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu(a)netbsd.org