On 4/24/06, Samuel Tran <[EMAIL PROTECTED]> wrote:
> On Mon, 2006-04-24 at 10:55 -0400, Jeremiah Martell wrote:
> > I'm having some troubles with using SSL over an LDAP load balancer.
> > Without SSL everything works fine, but when I turn on SSL I get a
> > failure. But if I use SSL and bypass the load balancer and point
> > directly to an LDAP directory everything works fine again.
> >
> > Is there something tricky or special I need to know to get this to work?
> >
>
> Hi Jeremiah,
>
> What is the error message you got when trying to communicate with the
> LDAP load balancer over SSL? What DNS names did you use to contact the
> load balancer and each individual LDAP server? How did you create the
> SSL certificates for the LDAP servers?
>
> I suspect that you haven't created the SSL certificates for the LDAP
> servers with the 'SubjectAltName' field set to the DNS name of the load
> balancer.
>
> Hope this helps.
>
> Sam
>

I know the load balancer is set up properly because another LDAP client
can connect to it with SSL and do searches OK. The error message I got
was just "-1" unable to connect.

With my openldap client I have the TLS_REQCERT option set to "never" in
ldap.conf, so it shouldn't be a bad name in the certificate, right?

Using Ethereal it looks like a valid SSL session is initiated, but then
there's no SSL data traffic afterwards. I'm at a loss as to what could
be causing this. Any ideas on what to try or look for?

Thanks!

--
- Jeremiah
[EMAIL PROTECTED]
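
The SubjectAltName check suggested in the quoted reply can be done by comparing the names a client dials (load balancer and back-end server) against the names in the certificate the directory server presents. This is an added example, not part of the original thread; the host names and certificates are constructed, and the dictionaries use the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: which of the names a client might dial are covered by a
# server certificate? Input uses the dict shape of ssl.SSLSocket.getpeercert().

def _label_match(pattern, host):
    """Compare one certificate name with a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one leftmost label and needs at
        # least two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_dns_names(cert):
    """Names a verifying client compares against.

    dNSName entries in subjectAltName take precedence; the subject CN is
    only a fallback when the certificate has no dNSName entry.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def coverage(cert, hostnames):
    """Map each host name to True/False: is it covered by the certificate?"""
    names = cert_dns_names(cert)
    return {h: any(_label_match(n, h) for n in names) for h in hostnames}


# Constructed sample: certificate issued for one back-end server only.
SERVER_ONLY = {
    "subject": ((("commonName", "ldap1.example.com"),),),
    "subjectAltName": (("DNS", "ldap1.example.com"),),
}
# Constructed sample: same server, re-issued with the load balancer name added.
WITH_LB = {
    "subject": ((("commonName", "ldap1.example.com"),),),
    "subjectAltName": (("DNS", "ldap1.example.com"),
                       ("DNS", "ldap.example.com")),
}

if __name__ == "__main__":
    dialed = ["ldap.example.com", "ldap1.example.com"]  # LB name, server name
    for label, cert in (("server-only", SERVER_ONLY), ("with LB name", WITH_LB)):
        print(label, coverage(cert, dialed))
```

With `TLS_REQCERT never` the OpenLDAP client does not check the server certificate at all, so this comparison matters for clients that do verify names.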
