Prashanth Sundaram wrote: > Hi All, > > Which one of the case below is suitable for a Multi-Master > replication. I have a load balancer with/ ldap.domain.com,/ which is > what clients will use to authenticate. > > *_Question: > _*Which one is a better implementation? What are the trade-offs? > Please input your feedback as it might be useful for someone coming > this way later. This can serve as a knowledge bank. > > Case-I > ldap01: server-cert with cn=ldap01.domain.com, subjAltName=ldap.domain.com > ldap02: server-cert with cn=ldap02.domain.com, subjAltName=ldap.domain.com > -MMR with tls throws error when ?*Check hostname against name in > certificate for outbound SSL connections?* option is enabled. But RH > recommends it to be turned ON. What is the FQDN you specified in the replication agreement? > > Case-II > ldap01: server-cert with cn=ldap.domain.com, > subjAltName=ldap01.domain.com, ldap02.domain.com > ldap01: server-cert with cn=ldap.domain.com, > subjAltName=ldap01.domain.com,ldap02.domain.com > -Does not comply with the requirement that ?server-cert? should have > hostname as cn.I found this method working perfectly fine. > > *Knowledge Sharing: > *Here?s a useful link which I use all the time and look before posting > to the list. This is the archive for the mailing list and has /search/ > feature which very useful. > > http://www.mail-archive.com/fedora-directory-users at redhat.com/info.html > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
