We use IPA to authenticate users for other systems e.g. Rundeck via
LDAP. We have a CNAME for the cluster of IPA masters and could use this
for authentication, but the connection would then be unencrypted. We
therefore use LDAPS, but this currently forces us to a single server in
the cluster so that Rundeck sees a valid SSL certificate. This means
that the authentication fails if that particular IPA master is down.

Is it possible to create a single SSL certificate that would support a
LDAPS connection to any of the IPA masters and, if so then how is this
done ?

Many thanks

Bob Hinton

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to