--- Alex aka Magobin <magobin at gmail.com> wrote: > On mar, 2006-04-04 at 06:59 -0700, Susan wrote: > > > > --- Alex aka Magobin <magobin at gmail.com> wrote: > > > Ok...omit cluster...if I have a server Fedora DS (A) that it's ssl > > > server too...until A is alone I configure my clients to point at this > > > server for authentication and I tested it works perfectly..now I want > > > another server for load balancing replicated in > > > multimaster(B)...now...how can I set up ssl for this scenario ? This > > > > I have this exact setup. 2 FDSs, MMR over SSL. > > > > yes, you have this scenario like me...I maked my test with your help > too...but how can you authenticate clients?....They always point to cn > that exports CA...so if you maked CA on A...and you shutdown it DS is > still up in B but clients never login using B because CN is different > and they report that hostname does not match CN in peer certificate... If A is down, the clients go to B because of this entry: (in the client's /etc/openldap/ldap.conf): HOST cnyldap01 cnjldap01 Now, I'm not verifying the FDS identity so I'm not using FQDN but that's a minor point. If cnyldap01 is down, it goes to cnjldap01 immediately. There's about a half a second delay. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
