Hey,
Thanks everyone. I think I will try to use a wildcard certificate.
I will use a common name for my LDAP server and I won't use DNS round
robin or an intelligent name server.
And I think my client will handle fail-over internally and connect
directly to each server.
Julien Courtès
On 12/03/2014 17:53, Jon C Kidder wrote:
The methods you use to successfully complete a TLS handshake are completely dependent
upon the methods you choose to implement "fail-over" to your second LDAP
server. Will you be using a common name and virtual IP? Will you be using a common
virtual name (DNS round robin or intelligent name server)? Will your client handle
fail-over internally and connect directly to each server?
Once we have the details around your fail-over solution we can provide more
advice on methods for handling the host name validation portion of your TLS
handshake.
-Jon C. Kidder
American Electric Power
Middleware Services
Email: [email protected]
Phone: 614-716-4970
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Julien Courtès
Sent: Wednesday, March 12, 2014 11:58 AM
To: [email protected]
Subject: TLS with multiple LDAP servers
Hi,
I have two LDAP servers in master-slave:
ldap1.domain.com - master
ldap2.domain.com - slave
These servers have different IP addresses and are hosted on different machines,
but I want to enable TLS connections with clients.
So can I create a single certificate that I put on both servers, so that the client will use this one
certificate to connect to server "ldap1", or to "ldap2" if the first one is down?
If not, how should I do it?
I did a search and I found that I can use subjectAltNames or a wildcard
certificate.
Thanks
Julien Courtès
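The following is an added illustration, not code from the thread or from any of the participants. It models the host name validation step Jon mentions for a client that fails over from ldap1.domain.com to ldap2.domain.com, and compares the three certificate shapes the thread discusses: a certificate naming only one server in the CN, a certificate listing both servers as subjectAltName entries, and a wildcard certificate. The matching rules follow the usual RFC 6125 conventions (a wildcard covers exactly one left-most label; when DNS SANs are present the CN is ignored); the helper names, the `openssl req` configuration template and the reachability table are constructed for the example.

```python
"""Host name validation across two fail-over LDAP servers (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class CertNames:
    """The names a server certificate carries: its CN plus any DNS SANs."""
    common_name: str
    san_dns: List[str] = field(default_factory=list)


def _name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a host (RFC 6125 style, conservative)."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # A wildcard may only be the entire left-most label, and it covers
    # exactly one label, so "*.domain.com" never matches "a.b.domain.com".
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False  # partial wildcards (ldap*.domain.com) and *.com are refused
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: CertNames, host: str) -> bool:
    """Validate the host name the client dialled against the certificate.

    When the certificate has DNS SANs, only the SANs are consulted; the CN is
    ignored. A CN-only certificate is matched on its CN.
    """
    if cert.san_dns:
        return any(_name_matches(n, host) for n in cert.san_dns)
    return _name_matches(cert.common_name, host)


def pick_server(servers: List[str], cert: CertNames,
                reachable: Callable[[str], bool]) -> Optional[str]:
    """Client-side fail-over: return the first server that is up AND whose
    name validates against the certificate it presents. A server whose name
    would fail validation is skipped rather than connected to insecurely."""
    for host in servers:
        if reachable(host) and cert_matches_host(cert, host):
            return host
    return None


def openssl_san_config(names: List[str]) -> str:
    """Build an `openssl req` config that requests every server name as a SAN
    (constructed template; the section and key names are standard OpenSSL ones).
    Usage: openssl req -new -config ldap.cnf -key ldap.key -out ldap.csr"""
    alt = ", ".join(f"DNS:{n}" for n in names)
    return "\n".join([
        "[req]",
        "distinguished_name = dn",
        "req_extensions = v3_req",
        "prompt = no",
        "[dn]",
        f"CN = {names[0]}",
        "[v3_req]",
        f"subjectAltName = {alt}",
        "",
    ])


# The three certificate shapes from the thread (constructed values).
SERVERS = ["ldap1.domain.com", "ldap2.domain.com"]
CN_ONLY_CERT = CertNames("ldap1.domain.com")
SAN_CERT = CertNames("ldap1.domain.com", ["ldap1.domain.com", "ldap2.domain.com"])
WILDCARD_CERT = CertNames("*.domain.com", ["*.domain.com"])

# Constructed reachability: the master is down, the slave is up.
_UP = {"ldap1.domain.com": False, "ldap2.domain.com": True}


def master_down(host: str) -> bool:
    return _UP.get(host, False)


if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY_CERT), ("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT)]:
        print(f"{label:8s} -> fail-over picks {pick_server(SERVERS, cert, master_down)}")
    print(openssl_san_config(SERVERS))
```

With the CN-only certificate the client has nowhere safe to go once ldap1 is down, which is exactly the situation the original question describes; both the SAN certificate and the wildcard certificate let it fail over to ldap2 with host name validation still enforced. The SAN variant is the more precise of the two, since a wildcard also vouches for every other host under domain.com.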