Thank you so much. I will try it tomorrow and, in case of any issues, will get
back.

As suggested, I will put the FQDNs of the 3 LDAP servers and also the FQDN of the
VIP in the cert and create it.

Once again thanks for all your help.

/Neo

On Sun, Sep 11, 2011 at 9:32 PM, Daniel Qian <[email protected]> wrote:

> The subjectAltName should be a comma-separated list of all the FQDNs of
> your servers plus the FQDN for the VIP, as Chris just pointed out in his reply.
>
>
> On 11-09-11 3:28 PM, pradyumna dash wrote:
>
> So I don't need to put the FQDN of the LB in the cert, right?
>
> Please correct me if I am wrong. My client will point to the FQDN/IP of the
> LB, which will internally distribute the traffic across the
> 3 backend LDAP servers. I was just confused whether to keep the LB FQDN in
> the cert.
>
>  Regards,
> Neo
>
> On Sun, Sep 11, 2011 at 9:09 PM, Daniel Qian <[email protected]> wrote:
>
>> The three servers in the LB pool can share one certificate. When you
>> create the CSR for the certificate, you can specify ldapserver1, ldapserver2
>> & ldapserver3 for the subjectAltName field. Google "subjectAltName" and you
>> should be able to find a lot of information on how to do that.
>>
>>
>> On 11-09-11 2:48 PM, pradyumna dash wrote:
>>
>> Guys,
>>
>> Please suggest!!
>>
>>  Regards,
>> Neo
>>
>> On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> This is the setup I would like to have.
>>>
>>>                     LDAP clients
>>>    _______________________|_______________________
>>>   | ________________LoadBalancer1________________ |
>>>            |               |               |
>>>       ldapserver1     ldapserver2     ldapserver3
>>>
>>> My challenge is I never did this kind of architecture before, so I would
>>> like to know, from the LB perspective, how to configure it. Say, do I have
>>> to create a DNS FQDN, e.g. "ldapserver.example.com", and then use this as a
>>> floating IP/hostname for the 3 ldapservers in the backend? Or what should
>>> be done? The network team will do the setup but I need to tell them what
>>> to do. My next question would be: I would like to configure LDAPS, so how
>>> do I create the certificate? I mean, what to provide in the common name, or
>>> how to create a certificate which can be shared across the servers? I am
>>> using "openssl". I am using SLES 11 (SP1) and the setup would be a
>>> Multi-Master replication.
>>>
>>>
>>>   Please help.
>>>
>>>  Regards,
>>>  Neo
>>>
>>>
>>> On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Thanks for the suggestion, but I never did it before. If you can share
>>>> a doc or something, that would be great.
>>>>
>>>> I use openssl to generate the certificate, so I don't even know how
>>>> to configure subjectAltNames. Also, if you can explain a bit how I should
>>>> proceed, it would be appreciated.
>>>>
>>>> Example:  ldap1.example.com    ldap2.example.com
>>>>
>>>> So what to configure in the load balancer, and how to create the
>>>> certificate?
>>>>
>>>> Please help.
>>>>
>>>> Regards,
>>>>  Pradyumna
>>>>
>>>>
>>>> On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount <[email protected]> wrote:
>>>>
>>>>> --On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I would like to set up OpenLDAP Master-Master replication. Before that I
>>>>>> would like to know something more about it, because I never implemented
>>>>>> the same.
>>>>>>
>>>>>> Suppose I have 2 servers, ldap1.example.com and ldap2.example.com.
>>>>>>
>>>>>> I will configure M-M replication with LDAPS. In this scenario, how should
>>>>>> my architecture be? Do I need to keep it behind the load balancer, or
>>>>>> what are the steps to do it?
>>>>>> How will the client come to know if any of the servers is down, so that
>>>>>> it will talk to the other server? Because in my ldap.conf file I will
>>>>>> have a single URI/host entry pointing to one of the servers. And also,
>>>>>> how do I create the certificate? Do I need 2 individual certificates,
>>>>>> 1 for ldap1 and 1 for ldap2?
>>>>>>
>>>>>
>>>>> I would suggest a cert for ldap1 and ldap2, both having
>>>>> subjectAltNames for a load balanced name too, so clients can work directly
>>>>> with the servers and directly with the LB name.
>>>>>
>>>>> --Quanah
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Quanah Gibson-Mount
>>>>> Sr. Member of Technical Staff
>>>>> Zimbra, Inc
>>>>> A Division of VMware, Inc.
>>>>> --------------------
>>>>> Zimbra ::  the leader in open source messaging and collaboration
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>
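
The approach suggested in this thread (one certificate shared by the pool, with every server FQDN plus the VIP FQDN in subjectAltName), as an added example that is not part of the original messages. The host names are constructed placeholders, the function names are hypothetical, and the certificate is self-signed only so the result can be checked locally.

```shell
#!/bin/sh
# Added example. Constructed names: three pool members, then the VIP FQDN last.
NAMES="ldapserver1.example.com ldapserver2.example.com ldapserver3.example.com ldapserver.example.com"

# Build the comma-separated subjectAltName value "DNS:a, DNS:b, ...".
san_list() {
    out=""
    for n in "$@"; do out="${out:+$out, }DNS:$n"; done
    printf '%s\n' "$out"
}

# make_shared_cert DIR FQDN... : key, CSR and a self-signed *test* certificate.
# CN is the last name given (the VIP); every name goes into subjectAltName.
# In production, send ldap.csr to your CA instead of self-signing.
make_shared_cert() {
    dir=$1; shift
    for cn in "$@"; do :; done
    cat > "$dir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $cn
[v3_req]
subjectAltName = $(san_list "$@")
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/san.cnf" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.csr" 2>/dev/null || return 1
    # "x509 -req" does not copy extensions from the CSR by default, so re-apply
    # them via -extfile; otherwise the certificate silently loses its SANs.
    openssl x509 -req -in "$dir/ldap.csr" -signkey "$dir/ldap.key" -days 30 \
        -extfile "$dir/san.cnf" -extensions v3_req -out "$dir/ldap.crt" 2>/dev/null
}

# cert_has_san CERT FQDN : succeeds only if CERT lists FQDN as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# Usage: d=$(mktemp -d); make_shared_cert "$d" $NAMES
#        cert_has_san "$d/ldap.crt" ldapserver.example.com && echo "VIP covered"
```

Running `cert_has_san` against the certificate the CA returns, once per name, catches the common case where the CSR carried the SAN list but the issued certificate does not.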
