On Thu, 19 Oct 2006, Howard Chu wrote:
April 2003 was the date the patch went into HEAD. It may have gone into a public release at a much later date, I didn't bother to check. The 2.2.x release series was moved to Historic status quite a while ago; if you're using something that old you're on your own. Nobody on the Project cares about what may or may not be true of dead code. You can compare the CVS logs if you want to know, but if you expect to get help from this mailing list you should use a current version of the code.
Nonetheless, in order to maintain support from the paid-for vendor (as *politically* required) some of us do maintain systems with this and even older openldap versions. Unfortunately some of us live in worlds where what we should do and what we are required to do diverge. Perhaps a mailing list for historic version support might be an idea?
At any rate I can say that load balancers with SSL do work even on 2.0.27 (as that is what our current cluster of ldap servers are).
When you create the certificate simply make the hostname in the cert the hostname of the cluster IP for your load balancer, then add the real server name as the subjectAltName of the certificate. This will allow you to replicate over SSL to the real server name (on the private network) and still query the cluster hostname with SSL and not get certificate errors.
Jeremiah, if you still have problems, send me privately the output from an ldap search using the command line
ldapsearch -Z -d1 ...(rest of your options)...
This should help in determining what the issue with SSL is.
Regards James
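
The certificate layout described in the message above, as an added example that is not part of the original post: an OpenSSL request config with the cluster hostname as CN and the real server name as subjectAltName, plus a check that both names are present. The hostnames are constructed placeholders and the certificate is self-signed only to keep the example self-contained. It goes one step beyond the message by also listing the cluster name in subjectAltName, because clients that follow RFC 6125 ignore the CN once a dNSName entry is present.

```shell
#!/bin/sh
# Constructed placeholder names, not taken from the message.
CLUSTER_NAME="ldap.example.com"          # name clients query via the load balancer
REAL_NAME="ldap1.internal.example.com"   # real server name used for replication

# make_cert DIR: write DIR/server.key and a self-signed DIR/server.crt.
# For a production certificate, send a CSR with the same names to your CA.
make_cert() {
    dir=$1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $CLUSTER_NAME
[v3]
# Real server name as in the message; cluster name repeated here for
# clients that ignore CN when a dNSName subjectAltName exists.
subjectAltName = DNS:$REAL_NAME, DNS:$CLUSTER_NAME
EOF
    # umask keeps the private key readable by its owner only.
    ( umask 077
      openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/req.cnf" -keyout "$dir/server.key" \
          -out "$dir/server.crt" 2>/dev/null )
}

# cert_sans CRT: print the certificate's dNSName entries, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers CRT NAME: succeed only if NAME is listed as a dNSName.
cert_covers() {
    cert_sans "$1" | grep -Fxq "$2"
}
```

Running cert_covers against the certificate for every name a client or replica will connect to, before deploying it, catches a missing name without waiting for a handshake failure.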