OPENLDAP & SSL -- FOR FAILOVER
by Borresen, John - 0442 - MITLL
Question:
Right now, we have two OpenLDAP servers running in Delta-syncrepl and
talking fine. All the clients are connecting to the primary over port 636.
The question is on the best-practice way of getting the secondary server
into the certificate without re-hashing all the clients to the failover
server's certificate.
1) Should I set up a Wildcard certificate?
2) Should I put both systems in the "subjectAltName" line and create the
certificate, etc?
3) DNS Round-Robin?
Not 100% sure in which direction to go.
Dave Borresen
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420
john.borresen(a)ll.mit.edu
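The following is an added worked example (not part of the original post and not code from the poster or the OpenLDAP project) showing option 2 from the question in practice: one server certificate whose subjectAltName carries both replica names plus a floating service name, issued next to the "primary-only" certificate the post describes, with openssl verify checking which host names each one is actually valid for. The hostnames (ldap1/ldap2/ldap.example.com) and the throw-away private CA are assumptions for illustration; in production the CSR would go to the CA the clients already trust.

```shell
#!/bin/sh
# Added example: one certificate covering both replicas plus a service alias,
# beside a primary-only certificate, checked with "openssl verify -verify_hostname".
# All hostnames below are assumptions for illustration, not from the original post.
set -e

WORKDIR=$(mktemp -d)
cd "$WORKDIR"

PRIMARY=ldap1.example.com     # assumed name of the current primary (provider)
SECONDARY=ldap2.example.com   # assumed name of the delta-syncrepl consumer
SERVICE=ldap.example.com      # assumed alias clients dial (round-robin A records or CNAME)

# Throw-away private CA. In production use the site CA that clients already trust.
cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -days 365 -config ca.cnf >/dev/null 2>&1

# issue_cert NAME CN "DNS:a, DNS:b, ..."  ->  NAME.key / NAME.crt signed by the CA above.
# TLS clients match the server name against subjectAltName; once a DNS SAN is present
# the CN is ignored, so every name a client may dial has to be in the SAN list.
issue_cert() {
  name=$1; cn=$2; sans=$3
  cat > "$name.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $cn
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $sans
EOF
  openssl req -newkey rsa:2048 -nodes -keyout "$name.key" -out "$name.csr" \
    -config "$name.cnf" >/dev/null 2>&1
  # -extfile/-extensions: the SAN is copied from the config, not from the CSR.
  openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out "$name.crt" -days 365 -extfile "$name.cnf" -extensions v3_req >/dev/null 2>&1
}

# check_host NAME HOST -> exit 0 iff NAME.crt chains to the CA and is valid for HOST
check_host() {
  openssl verify -CAfile ca.crt -verify_hostname "$2" "$1.crt" >/dev/null 2>&1
}

# The situation in the post: a certificate that names only the primary.
issue_cert primary-only "$PRIMARY" "DNS:$PRIMARY"

# Option 2: one key pair and one cert listing all three names, installed on both
# servers (TLSCertificateFile / TLSCertificateKeyFile on each), so the clients
# keep their existing CA trust and nothing has to be re-hashed on failover.
issue_cert both "$SERVICE" "DNS:$SERVICE, DNS:$PRIMARY, DNS:$SECONDARY"

for host in "$SERVICE" "$PRIMARY" "$SECONDARY"; do
  if check_host both "$host"; then echo "both.crt: valid for $host"
  else echo "both.crt: NOT valid for $host"; fi
done
if check_host primary-only "$SECONDARY"; then echo "primary-only.crt: valid for $SECONDARY"
else echo "primary-only.crt: NOT valid for $SECONDARY (the failover problem)"; fi
```

A wildcard (option 1) is the same mechanism with `DNS:*.example.com` in the SAN list: it matches ldap1 and ldap2 too, but the same private key then vouches for every host in the domain, so a compromise of either LDAP server is a wider problem. DNS round-robin (option 3) only decides which address the client dials; the certificate presented still has to carry the name the client asked for, which is why the service alias is included in the SAN above. Whichever option is chosen, the clients only need the CA in their trust store, not the server certificate itself.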