Hi, We use IPA to authenticate users for other systems e.g. Rundeck via LDAP. We have a CNAME for the cluster of IPA masters and could use this for authentication, but the connection would then be unencrypted. We therefore use LDAPS, but this currently forces us to a single server in the cluster so that Rundeck sees a valid SSL certificate. This means that the authentication fails if that particular IPA master is down.
Is it possible to create a single SSL certificate that would support a LDAPS connection to any of the IPA masters and, if so then how is this done ? Many thanks Bob Hinton -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project