Hi All,
Which one of the case below is suitable for a Multi-Master replication. I
have a load balancer with
ldap.domain.com, which is what clients will use to
authenticate.
Question:
Which one is a better implementation? What are the trade-offs? Please input
your feedback as it might be useful for someone coming this way later. This
can serve as a knowledge bank.
Case-I
ldap01: server-cert with
cn=ldap01.domain.com,
subjAltName=ldap.domain.com
ldap02: server-cert with
cn=ldap02.domain.com,
subjAltName=ldap.domain.com
-MMR with tls throws error when ³Check hostname against name in certificate
for outbound SSL connections² option is enabled. But RH recommends it to be
turned ON.
Case-II
ldap01: server-cert with
cn=ldap.domain.com,
subjAltName=ldap01.domain.com,
ldap02.domain.com
ldap01: server-cert with
cn=ldap.domain.com,
subjAltName=ldap01.domain.com,ldap02.domain.com
-Does not comply with the requirement that ³server-cert² should have
hostname as cn.I found this method working perfectly fine.
Knowledge Sharing:
Here¹s a useful link which I use all the time and look before posting to the
list. This is the archive for the mailing list and has search feature which
very useful.
http://www.mail-archive.com/fedora-directory-users@redhat.com/info.html