Hi everyone, I was able to make a 2-way Multimaster replication (including configuration) with TLS, by specifying "manually" the certificate (and key) for the 2nd server (certificate different from the 1st server). The servers replicated, OK.
But after the "first replication", the cn=config of the 2nd now contains the TLSCertificateFile and TLSCertificateKeyFile of the 1st server, which is pointless. The 2nd server now can't start, because it can't find its certificate (and key), which is normal ...
Is it possible to specify "multiple" certificates in the cn=config file?
Or should I go with using alternateSubjectAltName in certificates (which is not pretty)?
I would really want to go to multimaster for configuration for the following (source of typing faults) elements:
- authz-regexp
- schema
- acl
- overlays configuration
I'm using OpenLDAP 2.4.11 compiled from source on RHEL4U5.
Thanks in advance for any answer, Sincerely yours, Mathieu MILLET.
-- Mathieu MILLET mailto:ldap@htam.net
On Tue, 9 Sep 2008, Mathieu MILLET wrote: ...
But after the "first replication", the cn=config of the 2nd now contains the TLSCertificateFile and TLSCertificateKeyFile of the 1st server, which is pointless. The 2nd server now can't start, because it can't find its certificate (and key), which is normal ...
Is it possible to specify "multiple" certificates in the cn=config file?
Not that I know of, but it's easy enough to use a common path for each option (say /etc/openldap/server.crt and /etc/openldap/server.key) and then make those symlinks to the correct files for the local server.
Philip Guenther
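The symlink approach from the answer above, as an added example that is not code from the thread or from OpenLDAP: cn=config gets one common certificate and key path on every master (Philip's /etc/openldap/server.crt and server.key), and each host makes that path a symlink to its own files. The server-<host>.crt / server-<host>.key naming is an assumption chosen for this example, the demo runs in a temporary directory instead of /etc/openldap so it works anywhere, and the olcTLSCertificateFile / olcTLSCertificateKeyFile attribute names are the cn=config equivalents of the slapd.conf directives mentioned in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP: implement the
# "common path + per-host symlink" suggestion and check it before slapd starts.
# Assumptions: host-specific files are named server-<host>.crt / server-<host>.key
# (naming chosen for this example); the demo uses mktemp instead of /etc/openldap.

# link_local_tls DIR HOST
# Points DIR/server.crt and DIR/server.key at DIR/server-HOST.crt/.key.
# Returns non-zero if either file is missing or if the private key is
# readable by group or other, so a misconfigured host is caught early.
link_local_tls() {
    dir=$1 host=$2
    crt="$dir/server-$host.crt"
    key="$dir/server-$host.key"
    if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
        echo "no cert/key pair for host '$host' in $dir" >&2
        return 1
    fi
    # -perm -g+r / -perm -o+r match if the group- or other-read bit is set
    if [ -n "$(find "$key" \( -perm -g+r -o -perm -o+r \) -print)" ]; then
        echo "$key is readable by group/other; chmod 600 it first" >&2
        return 1
    fi
    # relative link targets keep working if the directory is moved or bind-mounted
    ln -sf "server-$host.crt" "$dir/server.crt" &&
    ln -sf "server-$host.key" "$dir/server.key"
}

# tls_links_resolve DIR
# Succeeds only if both common paths are symlinks that resolve to regular files.
tls_links_resolve() {
    dir=$1
    for kind in crt key; do
        [ -L "$dir/server.$kind" ] && [ -f "$dir/server.$kind" ] || return 1
    done
    return 0
}

# tls_config_ldif DIR
# Prints the ldapmodify LDIF that sets the common paths in cn=config; because
# the values are identical on every master, replicating cn=config no longer
# overwrites one server's paths with another's.
tls_config_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: $1/server.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $1/server.key
EOF
}

# --- demo with constructed placeholder files (not real certificates) ---
demo_dir=$(mktemp -d)
for h in ldap1 ldap2; do
    echo "placeholder certificate for $h" > "$demo_dir/server-$h.crt"
    echo "placeholder private key for $h" > "$demo_dir/server-$h.key"
    chmod 600 "$demo_dir/server-$h.key"
done
if link_local_tls "$demo_dir" ldap2 && tls_links_resolve "$demo_dir"; then
    echo "server.crt now reads: $(cat "$demo_dir/server.crt")"
    tls_config_ldif "$demo_dir"
fi
rm -rf "$demo_dir"
```

On a real host, call link_local_tls with /etc/openldap and the local hostname from the boot sequence before slapd starts, and apply the LDIF once with ldapmodify on any master; the key-permission check is there because the common path makes it easy to forget that each host's private key still needs mode 600.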
On Tue, 9 Sep 2008 21:44:55 -0700, Philip Guenther guenther+ldapsoft@sendmail.com wrote:
On Tue, 9 Sep 2008, Mathieu MILLET wrote: ...
But after the "first replication", the cn=config of the 2nd now contains the TLSCertificateFile and TLSCertificateKeyFile of the 1st server, which is pointless. The 2nd server now can't start, because it can't find its certificate (and key), which is normal ...
Is it possible to specify "multiple" certificates in the cn=config file?
Not that I know of, but it's easy enough to use a common path for each option (say /etc/openldap/server.crt and /etc/openldap/server.key) and then make those symlinks to the correct files for the local server.
Of course. I forgot to think about this.
Thank you very much.
Philip Guenther
Sincerely yours, Mathieu.
openldap-software@openldap.org