OPENLDAP & SSL -- FOR FAILOVER
by Borresen, John - 0442 - MITLL
Right now, we have two OpenLDAP servers running in Delta-syncrepl and
talking fine. All the clients are connecting to the primary over port 636.
The question is on the best (practices) way of getting the secondary server
into the certificate without re-hashing all the clients to the failover
1) Should I set up a Wildcard certificate?
2) Should I put both systems in the "subjectAltName" line and create the
3) DNS Round-Robin?
Not 100% sure in which direction to go.
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420