From the openldap website the two nodes have to use different URLs
like below:
syncrepl rid=001
provider=ldap://ldap-sid2.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
and
syncrepl rid=001
provider=ldap://ldap-sid1.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
I can set two different certificates so that TLS is fine for sync
between the two nodes. However we will have regular Ldap client
access these two nodes behind a loadbalancer over TLS too. Obviously
the client can't connect with ldap-sid2.example.com, nor with
ldap-sid1.example.com. So what is the solution to this scenario?
Setup a pool of consumers with same hostname?
Thanks,
Daniel