You mean to say if "server1.example.com" would be my VIP FQDN then the entries should be like this

subjectAltName = "DNS:server1.example.com, DNS:ldap-1.example.com, DNS: ldap-2.example.com,DNS: ldap-3.example.com"

Regards,
Neo

On Sun, Sep 11, 2011 at 9:21 PM, Chris Jacobs <[email protected]> wrote:

> Remember to include the VIP name in the subjectaltname list - some
> clients ignore the subject name if subjectaltname exists.
>
> - chris
>
> Chris Jacobs, Systems Administrator, Technology Services Group
> Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
>
> 2001 6th Ave | Suite 3200 | Seattle, WA 98121
> direct 206.839.8245 | cell 206.601.3256 | fax 206.839.8106
> email mailto:[email protected]
>
> ------------------------------
> *From*: [email protected] <[email protected]>
> *To*: [email protected] <[email protected]>
> *Sent*: Sun Sep 11 12:09:30 2011
> *Subject*: Re: Need Help On Master-Master Replication Setup!!
>
> The three servers in the LB pool can share one certificate. When you
> create the CSR for the certificate, you can specify ldapserver1, ldapserver2
> & ldapserver3 for the subjectAltName field. Google with "subjectAltName" you
> should be able to find a lot of information how to do that.
>
> On 11-09-11 2:48 PM, pradyumna dash wrote:
>
> Guys,
>
> Please suggest !!
>
> Regards,
> Neo
>
> On Fri, Sep 9, 2011 at 11:15 PM, pradyumna dash <[email protected]> wrote:
>
>> Hi,
>>
>> This is the setup I would like to have.
>>
>>                   LDAP clients
>>      _____________|___________________
>>
>>     | __________LoadBalancer1_________ |
>>
>>     |                |                 |
>> ldapserver1     ldapserver2      ldapserver3
>>
>> My challenge is I never did this kind of architecture before, so would like
>> to know from LB perspective, how to configure it like
>> say I have to create a DNS FQDN e.g. "ldapserver.example.com" and then use
>> this as a floating IP/hostname for the 3 ldapservers
>> in the backend? Or what should be done? The network team will do the setup
>> but I need to tell them what to do.
>>
>> My next question would be I would like to configure LDAPS, so how to create
>> the certificate, I mean what to provide in common name or how to create a
>> certificate which can be shared across the servers, am using "openssl"? I
>> am using SLES 11(SP1) and the setup would be a Multi-Master
>> replication.
>>
>> Please help.
>>
>> Regards,
>> Neo
>>
>> On Fri, Sep 9, 2011 at 8:14 PM, pradyumna dash <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Thanks for the suggestion, but I never did it before, if you can share a
>>> doc or something would be great.
>>>
>>> I use the openssl to generate the certificate, so even I don't know how to
>>> configure subjectAltNames. Also if you can explain a bit how I should
>>> proceed would be appreciated.
>>>
>>> Example : ldap1.example.com ldap2.example.com
>>>
>>> So in the load balancer what to configure and how to create the
>>> certificate.
>>>
>>> Please help.
>>>
>>> Regards,
>>> Pradyumna
>>>
>>> On Fri, Sep 9, 2011 at 7:35 PM, Quanah Gibson-Mount
>>> <[email protected]> wrote:
>>>
>>>> --On Thursday, September 08, 2011 10:17 PM +0200 pradyumna dash
>>>> <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to setup OpenLDAP Master-Master replication, before that I
>>>>> would like to know something more about it, because I
>>>>> never implemented the same.
>>>>>
>>>>> Suppose I have 2 servers ldap1.example.com and ldap2.example.com
>>>>>
>>>>> I will configure M-M replication with LDAPS, in this scenario how my
>>>>> architecture should be? Do I need to keep it behind the loadbalancer or
>>>>> what are the steps to do it?
>>>>> How come the client will come to know if any of the server is down, it
>>>>> will talk to the other server, because in my ldap.conf file I will have a
>>>>> single URI/host entry
>>>>> pointing to one of the server and also how to create the certificate, do
>>>>> I need 2 individual certificate 1 for ldap1 and 1 for ldap2?
>>>>
>>>> I would suggest a cert for ldap1 and ldap2, both with having
>>>> subjectAltNames for a load balanced name too, so clients can work directly
>>>> to the servers and directly with the LB name.
>>>>
>>>> --Quanah
>>>>
>>>> --
>>>>
>>>> Quanah Gibson-Mount
>>>> Sr. Member of Technical Staff
>>>> Zimbra, Inc
>>>> A Division of VMware, Inc.
>>>> --------------------
>>>> Zimbra :: the leader in open source messaging and collaboration
>
> ------------------------------
> This message is private and confidential. If you have received it in error,
> please notify the sender and remove it from your system.
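
The certificate request discussed in this thread, as an added example that is not part of any message above: one CSR whose subjectAltName lists the VIP name first and then every backend, so clients that ignore the subject CN still match the load-balanced name. The hostnames are the ones used in the thread; the function names and the files `ldap-req.cnf`, `ldap.key` and `ldap.csr` are assumptions.

```shell
#!/bin/sh
# Added example. Hostnames are the ones used in the thread; file names
# (ldap-req.cnf, ldap.key, ldap.csr) and function names are assumptions.

# san_line VIP HOST... -> "DNS:vip,DNS:host1,..." (plain hostnames only)
san_line() {
    out=""
    for name in "$@"; do
        case "$name" in
            ""|*[!A-Za-z0-9.-]*) echo "bad hostname: $name" >&2; return 1 ;;
        esac
        out="${out:+$out,}DNS:$name"
    done
    printf '%s\n' "$out"
}

# write_req_config FILE VIP HOST... -> openssl req config, CN = VIP,
# and the VIP repeated in subjectAltName next to every backend name
write_req_config() {
    file=$1; shift
    sans=$(san_line "$@") || return 1
    cat > "$file" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $1

[ v3_req ]
subjectAltName = $sans
EOF
}

# make_csr DIR VIP HOST... -> new key + CSR in DIR, prints the SANs in the CSR
make_csr() {
    dir=$1; shift
    write_req_config "$dir/ldap-req.cnf" "$@" || return 1
    ( umask 077 && openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/ldap-req.cnf" -keyout "$dir/ldap.key" \
        -out "$dir/ldap.csr" 2>/dev/null ) || return 1
    openssl req -in "$dir/ldap.csr" -noout -text | grep -o 'DNS:[^,]*'
}

# Constructed run with the thread's names; skipped when openssl is absent.
if command -v openssl >/dev/null 2>&1; then
    make_csr "$(mktemp -d)" server1.example.com ldap-1.example.com \
        ldap-2.example.com ldap-3.example.com || echo "CSR step failed" >&2
fi
```

The extension in a CSR is only a request: confirm that the signed certificate still carries all four names with `openssl x509 -noout -text` before installing it on the three servers.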
