The subjectAltName should be a comma-separated list of all the FQDNs of your servers plus the FQDN for the VIP, as Chris just pointed out in his reply.

On 11-09-11 3:28 PM, pradyumna dash wrote:
So I don't need to put the FQDN of the LB in the cert, right?

Please correct me if I am wrong. My client will point to the FQDN/IP of the LB, which will internally distribute the traffic across the 3 backend LDAP servers. I was just confused whether to keep the LB FQDN in the cert.

Regards,
Neo

On Sun, Sep 11, 2011 at 9:09 PM, Daniel Qian <[email protected] <mailto:[email protected]>> wrote:

    The three servers in the LB pool can share one certificate. When
    you create the CSR for the certificate, you can specify
    ldapserver1, ldapserver2 & ldapserver3 in the subjectAltName
    field. Google "subjectAltName" and you should be able to find a
    lot of information on how to do that.


    On 11-09-11 2:48 PM, pradyumna dash wrote:
    Guys,

    Please suggest!!

    Regards,
    Neo

    On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash
    <[email protected] <mailto:[email protected]>> wrote:

        Hi,

        This is the setup I would like to have.

                               LDAP clients
                                    |
                              LoadBalancer1
                      ______________|______________
                     |              |              |
                ldapserver1    ldapserver2    ldapserver3

        My challenge is that I never did this kind of architecture before, so I
        would like to know, from the LB perspective, how to configure it. Say I
        have to create a DNS FQDN, e.g. "ldapserver.example.com", and then use
        this as a floating IP/hostname for the 3 ldapservers in the backend? Or
        what should be done? The network team will do the setup, but I need to
        tell them what to do.

        My next question would be that I would like to configure LDAPS, so how
        do I create the certificate? I mean, what do I provide in the common
        name, or how do I create a certificate which can be shared across the
        servers? I am using "openssl". I am using SLES 11 (SP1) and the setup
        would be a Multi-Master replication.


        Please help.

        Regards,
        Neo


        On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash
        <[email protected] <mailto:[email protected]>> wrote:

            Hi,

            Thanks for the suggestion, but I never did it before; if
            you can share a doc or something, that would be great.

            I use openssl to generate the certificate, so I don't even
            know how to configure subjectAltNames. Also, if you can
            explain a bit how I should proceed, it would be
            appreciated.

            Example: ldap1.example.com
            ldap2.example.com

            So what do I configure in the load balancer, and how do I
            create the certificate?

            Please help.

            Regards,
            Pradyumna


            On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount
            <[email protected] <mailto:[email protected]>> wrote:

                --On Thursday, September 08, 2011 10:17 PM +0200
                pradyumna dash <[email protected]
                <mailto:[email protected]>> wrote:

                    Hi,


                    I would like to set up OpenLDAP Master-Master
                    replication. Before that I would like to know
                    something more about it, because I never
                    implemented the same.

                    Suppose I have 2 servers, ldap1.example.com and
                    ldap2.example.com.

                    I will configure M-M replication with LDAPS. In
                    this scenario, how should my architecture be? Do I
                    need to keep it behind the load balancer, or what
                    are the steps to do it?
                    How will the client come to know that, if any of
                    the servers is down, it should talk to the other
                    server, because in my ldap.conf file I will have a
                    single URI/host entry pointing to one of the
                    servers? Also, how do I create the certificate: do
                    I need 2 individual certificates, 1 for ldap1 and
                    1 for ldap2?


                I would suggest a cert for ldap1 and ldap2, both
                having subjectAltNames for a load balanced name too,
                so clients can work directly with the servers and
                directly with the LB name.

                --Quanah


                --

                Quanah Gibson-Mount
                Sr. Member of Technical Staff
                Zimbra, Inc
                A Division of VMware, Inc.
                --------------------
                Zimbra ::  the leader in open source messaging and
                collaboration
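The advice in this thread (one CSR whose subjectAltName lists the load-balanced name plus every pool member) as an added, self-contained example; it is not from any poster or from the OpenLDAP project. The hostnames are assumed placeholders under example.com, and the key/CSR pair it produces would be installed identically on all three servers after a CA signs the CSR.

```shell
#!/bin/sh
# Constructed example: build an openssl request config whose alt_names section
# covers the VIP/LB name and each backend, generate a key + CSR, and read the
# SAN list back out of the CSR so it can be checked before sending it to a CA.

VIP_FQDN="ldapserver.example.com"   # assumed load-balanced name
POOL_FQDNS="ldapserver1.example.com ldapserver2.example.com ldapserver3.example.com"

# Write the openssl config: CN is the VIP, SAN = VIP first, then pool members.
write_san_config() {
  cnf="$1"
  {
    printf '[ req ]\nprompt = no\ndistinguished_name = dn\nreq_extensions = v3_req\n\n'
    printf '[ dn ]\nCN = %s\n\n' "$VIP_FQDN"
    printf '[ v3_req ]\nsubjectAltName = @alt_names\n\n[ alt_names ]\n'
    i=1
    for h in $VIP_FQDN $POOL_FQDNS; do
      printf 'DNS.%d = %s\n' "$i" "$h"
      i=$((i + 1))
    done
  } > "$cnf"
}

# Create ldap.key and ldap.csr in directory $1; the CSR is what goes to the CA.
make_ldap_csr() {
  dir="$1"
  write_san_config "$dir/san.cnf"
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$dir/ldap.key" -out "$dir/ldap.csr" -config "$dir/san.cnf" 2>/dev/null
}

# Print the SAN entries carried by CSR $1, one "DNS:name" per line.
csr_sans() {
  openssl req -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed 's/^ *//'
}

# Stand-alone run: ./san_csr.sh --demo
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_ldap_csr "$d"
  csr_sans "$d/ldap.csr"
fi
```

Clients that connect to the VIP name verify against the first SAN entry; clients that bypass the LB and connect to a pool member directly still get a name match because each backend FQDN is listed as well.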