Hi All,
Which one of the case below is suitable for a Multi-Master
replication. I have a load balancer with/ ldap.domain.com,/ which is
what clients will use to authenticate.
*_Question:
_*Which one is a better implementation? What are the trade-offs?
Please input your feedback as it might be useful for someone coming
this way later. This can serve as a knowledge bank.
Case-I
ldap01: server-cert with
cn=ldap01.domain.com,
subjAltName=ldap.domain.com
ldap02: server-cert with
cn=ldap02.domain.com,
subjAltName=ldap.domain.com
-MMR with tls throws error when “*Check hostname against name in
certificate for outbound SSL connections”* option is enabled. But RH
recommends it to be turned ON.
Case-II
ldap01: server-cert with
cn=ldap.domain.com,
subjAltName=ldap01.domain.com,
ldap02.domain.com
ldap01: server-cert with
cn=ldap.domain.com,
subjAltName=ldap01.domain.com,ldap02.domain.com
-Does not comply with the requirement that “server-cert” should have
hostname as cn.I found this method working perfectly fine.
*Knowledge Sharing:
*Here’s a useful link which I use all the time and look before posting
to the list. This is the archive for the mailing list and has /search/
feature which very useful.
http://www.mail-archive.com/fedora-directory-users@redhat.com/info.html
------------------------------------------------------------------------
--
389 users mailing list
389-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users