> [EMAIL PROTECTED] alias]# ../shared/bin/certutil -L -d .
> CA certificate          CTu,u,u
> NJ-Server-Cert          u,u,u
> NJ-admin-server-cert    u,u,u
> NY-Server-Cert          u,u,u
> NY-admin-server-cert    u,u,u

yes, more or less like me..I didn't configure admin

> Now, for the floating IP. If you've two nodes, node1 & node2 and a VIP,
> ldap.com and your outside clients talk to ldap.com and your certs are
> signed with node1 & node2 then I'm guessing SSL verification will fail.
> You're trying to talk to ldap.com but your certs are signed with node1/2
> -- no go. For this end to end SSL to work, you'd need an SSL terminator
> IN FRONT of the FDS servers, something that will impersonate ldap.com,
> return a cert for ldap.com and then turn around and encrypt the traffic
> again, passing it to either node1 or node2. A cute little problem is what
> to do when the ssl proxy fails? :)

Unfortunately too complicated for me at the moment :-(

> The thing is like this. What is the problem you are trying to solve? Why
> have two FDS servers in 1 location? Why have the virtual IP? It really
> doesn't buy you a whole lot.

Ok Susan..the problem is configuring Fedora DS in a cluster scenario; I have two options:

1) Configuring Fedora DS on a GFS file system so I can move DS from nodo1 to nodo2 if it fails for some reason
2) Taking advantage of multi-master replication to do the same thing...but in this case I have to configure a floating IP and an entry in DNS that points to the IP, because I don't want clients to point directly at the nodes

...The second option is better because this way I can do load balancing...but even if I use the real name and real IP address of nodo1 and nodo2 the problem is SSL....of course, I can use wildcards as Rob says...but in that case is a whole security

> Have 2 FDSs insist but then list all of them in the clients' ldap.conf --
> no problem.

Please can you explain this?...how can I configure the clients' ldap.conf to listen to both servers in SSL mode?

thanks...like always

Alex
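
The hostname check behind the floating-IP problem discussed above, as an added example that is not part of the original thread. All host names are constructed placeholders (`ldap.example.com` stands in for the VIP name), and the "vip-san" layout, where each node's certificate also lists the VIP name, goes beyond the options mentioned in the messages.

```python
# Added illustration: names below are constructed, not from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: a wildcard is honoured only as the whole
    leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verifies(dialed_host: str, cert_names: list[str]) -> bool:
    """True if any name in the certificate covers the host the client dialed."""
    return any(name_matches(n, dialed_host) for n in cert_names)


# Constructed certificates: subjectAltName DNS entries per server.
CERTS = {
    "per-node": {"node1": ["node1.example.com"], "node2": ["node2.example.com"]},
    "vip-san": {"node1": ["node1.example.com", "ldap.example.com"],
                "node2": ["node2.example.com", "ldap.example.com"]},
    "wildcard": {"node1": ["*.example.com"], "node2": ["*.example.com"]},
}


def outcomes(layout: str, dialed_host: str) -> dict[str, bool]:
    """Result of hostname verification against whichever node answers."""
    return {node: verifies(dialed_host, names)
            for node, names in CERTS[layout].items()}


if __name__ == "__main__":
    for layout in CERTS:
        for host in ("ldap.example.com", "node1.example.com"):
            print(f"{layout:9} dial {host:18} -> {outcomes(layout, host)}")
```

With per-node certificates, a client that dials the VIP name fails verification on both nodes, while a client that lists each node by its own name verifies against the node it reaches. The wildcard layout passes everywhere, including for any other host under the same domain that holds the key.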
