The three servers in the LB pool can share one certificate. When you
create the CSR for the certificate, you can specify ldapserver1,
ldapserver2 & ldapserver3 for the subjectAltName field. Google
"subjectAltName" and you should be able to find a lot of information on
how to do that.
On 11-09-11 2:48 PM, pradyumna dash wrote:
Guys,
Please suggest !!
Regards,
Neo
On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash wrote:
Hi,
This is the setup I would like to have.
LDAP clients
_____________|___________________
| __________LoadBalancer1_________ |
| | |
ldapserver1 ldapserver2 ldapserver3
My challenge is that I never did this kind of architecture before, so I
would like to know, from the LB perspective, how to configure it. Say, do I
have to create a DNS FQDN, e.g. "ldapserver.example.com", and then use this
as a floating IP/hostname for the 3 ldapservers in the backend? Or what
should be done? The network team will do the setup but I need to tell them
what to do. My next question would be: I would like to configure LDAPS, so
how do I create the certificate? I mean, what to provide in the common name,
or how to create a certificate which can be shared across the servers? I am
using "openssl".
I am using SLES 11 (SP1) and the setup would be a Multi-Master
replication.
Please help.
Regards,
Neo
On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash wrote:
Hi,
Thanks for the suggestion, but I never did it before. If you
can share a doc or something, that would be great.
I use openssl to generate the certificate, so I don't even
know how to configure subjectAltNames. Also, if you can explain
a bit how I should proceed, it would be appreciated.
Example: ldap1.example.com
ldap2.example.com
So what to configure in the load balancer, and how to create
the certificate?
Please help.
Regards,
Pradyumna
On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount wrote:
--On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash wrote:
Hi,
I would like to set up OpenLDAP Master-Master replication. Before that I
would like to know something more about it, because I never implemented
the same.
Suppose I have 2 servers, ldap1.example.com and ldap2.example.com.
I will configure M-M replication with LDAPS. In this scenario, how should
my architecture be? Do I need to keep it behind the load balancer, or
what are the steps to do it?
How will the client come to know if any of the servers is down, so that it
will talk to the other server? Because in my ldap.conf file I will have a
single URI/host entry pointing to one of the servers. And also, how to
create the certificate: do I need 2 individual certificates, 1 for ldap1
and 1 for ldap2?
I would suggest a cert for ldap1 and ldap2, both having
subjectAltNames for a load balanced name too, so clients can
work directly with the servers and directly with the LB name.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and
collaboration
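
The shared-certificate approach suggested in this thread, as an added example that is not part of any of the original messages: a shell function that writes an OpenSSL request config and produces one key and one CSR whose subjectAltName lists the load-balanced name plus each backend. The `example.com` host names for ldapserver1-3, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): one CSR covering the LB name and all
# backends. Host names, file names and function names are assumptions.

# make_san_csr OUTDIR CN SAN...  -> writes OUTDIR/ldap.key and OUTDIR/ldap.csr
make_san_csr() {
    outdir=$1; cn=$2; shift 2
    conf="$outdir/csr.cnf"
    i=0; alt=""
    for name in "$@"; do        # build "DNS.n = host" lines for [ alt_names ]
        i=$((i + 1))
        alt="${alt}DNS.${i} = ${name}
"
    done
    cat > "$conf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $cn
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
$alt
EOF
    # Unencrypted key so slapd can start unattended; protect it with file modes.
    openssl req -new -newkey rsa:2048 -nodes -config "$conf" \
        -keyout "$outdir/ldap.key" -out "$outdir/ldap.csr" 2>/dev/null || return 1
    chmod 600 "$outdir/ldap.key"
}

# csr_sans CSR -> prints the SAN entries exactly as the CA will see them
csr_sans() {
    openssl req -in "$1" -noout -text | grep 'DNS:' | sed 's/^ *//'
}

# Clients that find a subjectAltName ignore the CN, so the LB name is listed
# as a SAN as well as being the CN.
dir=$(mktemp -d)
make_san_csr "$dir" ldapserver.example.com \
    ldapserver.example.com ldapserver1.example.com \
    ldapserver2.example.com ldapserver3.example.com
csr_sans "$dir/ldap.csr"
```

A CA that signs with `openssl x509 -req` does not copy extensions from the CSR by default, so check the issued certificate's SAN list with `openssl x509 -noout -text` before deploying it to the three servers.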