Terry L. Inzauro wrote:
Benjamin Watine wrote:
Hi
I'm using heartbeat and drbd for openLDAP, and I would like to use TLS
on it. So I have to create certificate and key files. But I would like
to have the same certificate on both nodes that run openLDAP.
Is there a known way to do that? Can I put certificate in drbd
volume and share it across the 2 openLDAP servers?
I think the problem is the same for apache-ssl, maybe there is a good known
solution.
if this is an active passive cluster, then drbd will work just fine.
i assume that you are talking about the tls server cert/key pair for the open ldap server. you can (and should) use the same cert/key pair when failing over as i assume you want the same setup to follow the resource group (eg IP address, openldap etc. etc.)
can i ask why you are clustering open ldap servers? its architecture was designed similar to dns in that you can have multiple servers (through syncrepl http://www.openldap.org/doc/admin22/syncrepl.html ) servicing queries....
Yes, I know this, but I don't like so much the way ldap replicates
itself. It seems to me not to be a "solid" protocol, it can issue
desynchronisation between the two bases.
Also, multimaster is claimed to be unstable. If I don't use multimaster,
I have to change master to slave on the failed node, and slave to master
on other node, and to do this, I must modify conf file on the fly,
that's a bit heavy.
And finally, I have an apache server in the same resource group that uses
drbd, so I prefer to use this too for openldap, it's much simpler!
Thank you for your notice.
hope this helps.
_Terry