Remember to include the VIP name in the subjectaltname list - some clients 
ignore the subject name if subjectaltname exists.

- chris

Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
2001 6th Ave | Suite 3200 | Seattle, WA 98121
direct 206.839.8245 | cell 206.601.3256 | fax 206.839.8106
email mailto:[email protected]

________________________________
From: [email protected] 
<[email protected]>
To: [email protected] <[email protected]>
Sent: Sun Sep 11 12:09:30 2011
Subject: Re: Need Help On Master-Master Replication Setup!!

The three servers in the LB pool can share one certificate. When you create the 
CSR for the certificate, you can specify ldapserver1, ldapserver2 & ldapserver3 
for the subjectAltName field. Google "subjectAltName" and you should be able 
to find a lot of information on how to do that.

On 11-09-11 2:48 PM, pradyumna dash wrote:
Guys,

Please suggest !!

Regards,
Neo

On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <[email protected]> wrote:
Hi,

This is the setup I would like to have.


                 LDAP clients
                      |
    __________LoadBalancer1_________
         |            |            |
    ldapserver1  ldapserver2  ldapserver3

My challenge is that I never did this kind of architecture before, so I would 
like to know, from the LB perspective, how to configure it. Say I have to 
create a DNS FQDN, e.g. "ldapserver.example.com", and then use this as a 
floating IP/hostname for the 3 ldapservers in the backend? Or what should be 
done? The network team will do the setup but I need to tell them what to do.

My next question: I would like to configure LDAPS, so how do I create the 
certificate? I mean, what to provide in the common name, or how to create a 
certificate which can be shared across the servers? I am using "openssl". I am 
using SLES 11 (SP1) and the setup would be a Multi-Master replication.


  Please help.

 Regards,
 Neo


On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <[email protected]> wrote:
Hi,

Thanks for the suggestion, but I never did it before; if you can share a doc 
or something, that would be great.

I use openssl to generate the certificate, so I don't even know how to 
configure subjectAltNames. Also, if you can explain a bit how I should proceed, 
it would be appreciated.

Example :  ldap1.example.com    ldap2.example.com

So in the load balancer what to configure and how to create the certificate.

Please help.

Regards,
Pradyumna


On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount <[email protected]> wrote:
--On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash 
<[email protected]> wrote:

Hi,


I would like to set up OpenLDAP Master-Master replication. Before that, I
would like to know something more about it, because I
never implemented the same.


Suppose I have 2 servers, ldap1.example.com and ldap2.example.com


I will configure M-M replication with LDAPS. In this scenario, how should my
architecture be? Do I need to keep it behind the load balancer, or
what are the steps to do it?
How will the client come to know if any of the servers is down, so that it
will talk to the other server? Because in my ldap.conf file I will have a
single URI/host entry
pointing to one of the servers. And also, how do I create the certificate? Do
I need 2 individual certificates, 1 for ldap1 and 1 for ldap2?

I would suggest a cert for ldap1 and ldap2, both having subjectAltNames 
for a load balanced name too, so clients can work directly with the servers and 
directly with the LB name.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
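
The shared-certificate request discussed in this thread, as an added example that is not part of any poster's message: it builds an openssl config whose subjectAltName list carries the VIP name plus each pool member, creates the CSR, and checks that a name really is in the SAN list. The function names, file names and the ldapserverN.example.com FQDNs are assumptions (the thread gives only ldapserver.example.com and the short names ldapserver1 to ldapserver3).

```shell
#!/bin/sh
# Added example (not from the thread). Host names passed in are assumptions.

# Write an "openssl req" config: the VIP name is the CN and is repeated as the
# first subjectAltName entry, followed by each back-end server name.
# usage: write_csr_conf <conf-file> <vip-name> <server-name>...
write_csr_conf() {
    conf=$1; vip=$2; shift 2
    {
        printf '[req]\nprompt = no\n'
        printf 'distinguished_name = dn\nreq_extensions = v3_req\n\n'
        printf '[dn]\nCN = %s\n\n' "$vip"
        printf '[v3_req]\nsubjectAltName = @alt_names\n\n[alt_names]\n'
        i=1
        for name in "$vip" "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$conf"
}

# Create an unencrypted 2048-bit RSA key (so the server can start unattended)
# and a CSR. The umask keeps the key file readable by its owner only.
# usage: make_csr <conf-file> <key-file> <csr-file>
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -config "$1" -keyout "$2" -out "$3" )
}

# Succeed only if <name> is listed as a DNS subjectAltName in the CSR.
# usage: csr_has_san <csr-file> <name>
csr_has_san() {
    openssl req -in "$1" -noout -text |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# Typical run:
#   write_csr_conf ldap.cnf ldapserver.example.com \
#       ldapserver1.example.com ldapserver2.example.com ldapserver3.example.com
#   make_csr ldap.cnf ldap.key ldap.csr
#   csr_has_san ldap.csr ldapserver.example.com && echo "VIP name is in SAN"
```

A CSR only requests these names: inspect the issued certificate as well, because `openssl x509 -req` does not copy requested extensions into the certificate unless it is told to.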




