Question:

 

Right now, we have two OpenLDAP servers running in Delta-syncrepl and talking fine.  All the clients are connecting to the primary over port 636.  The question is on the best (practices) way of getting the secondary server into the certificate without re-hashing all the clients to the failover server's certificate. 

 

1) Should I set up a Wildcard certificate?

2) Should I put both systems in the "subjectAltName" line and create the certificate, etc?

3) DNS Round-Robin?

 

Not 100% sure in which direction to go. 

 

Dave Borresen

Solaris/Linux Systems Administrator

Surveillance Systems Group

MIT Lincoln Laboratory

244 Wood Street

Lexington, MA  02420

john.borresen@ll.mit.edu
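Option 2 above, as an added example that is not part of the original post: an openssl request config that lists the service alias clients are pointed at plus both replica hostnames in subjectAltName, generates a key and CSR from it, and prints the SAN names back for checking before the CA signs it. The hostnames are placeholders, not the poster's systems.

```shell
#!/bin/sh
# Build a CSR whose subjectAltName covers the service alias that clients are
# configured for plus both replica hostnames, so either replica can present the
# same certificate. All hostnames below are placeholders (assumed values).
set -eu

SERVICE_NAME="ldap.example.com"     # alias the clients connect to (placeholder)
PRIMARY="ldap1.example.com"         # first replica hostname (placeholder)
SECONDARY="ldap2.example.com"       # second replica hostname (placeholder)

# Write an openssl req config that puts all three names in the SAN extension.
# $1 = path of the config file to write
write_san_config() {
  cat > "$1" <<EOF
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = $SERVICE_NAME
[ v3_req ]
subjectAltName = @alt_names
extendedKeyUsage = serverAuth
[ alt_names ]
DNS.1 = $SERVICE_NAME
DNS.2 = $PRIMARY
DNS.3 = $SECONDARY
EOF
}

# Generate a private key and CSR from that config; the CSR goes to the CA.
# $1 = working directory (key and CSR are written there)
make_csr() {
  write_san_config "$1/san.cnf"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$1/ldap.key" -out "$1/ldap.csr" -config "$1/san.cnf" 2>/dev/null
}

# Print the DNS names in the CSR's SAN, one per line, to verify before signing.
# $1 = path of the CSR
csr_san_names() {
  openssl req -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^ *DNS://p'
}
```

The same check with `openssl x509 -in server.crt -noout -text` on the signed certificate confirms the CA kept the requested names, since some CAs drop or rewrite SAN entries.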