Re: LDAP and expired passwords




Hi,

On Sat, Nov 1, 2008 at 15:42, Steve Thompson <smt@xxxxxxxxxxxx> wrote:
> Thank you very much Filipe

No problem!

LDAP with SSL is really tricky. As I said, I implemented it some months
ago, and I'm sure I went through the same issues you are going through now.

One thing I did in my setup was to configure the clients to query both
LDAP servers. To do that, I created a "star" certificate, like
CN=*.cbe.cornell.edu in your case, and then I created a new entry in
DNS doing round-robin between both IPs. Queries get split to both
servers, and if there is an update that falls on the slave, the
referral to the master by its own name will take care of doing the
update properly. The star certificate makes sure that connections
using any name (the RR or the master's name in case of updates) will
match the certificate.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
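
The wildcard setup described in the message above, as an added example that is not part of the original post: a check of which client-facing names a "star" certificate covers, assuming the LDAP client's TLS library applies the usual left-most-label wildcard rule (RFC 6125 style). Only `*.cbe.cornell.edu` comes from the message; the host names and the IP address are hypothetical.

```python
def cert_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly a wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    first, rest = p_labels[0], p_labels[1:]
    # Everything right of the left-most label must match literally.
    if any("*" in label for label in rest) or rest != h_labels[1:]:
        return False
    if first == "*":
        return h_labels[0] != ""  # the wildcard needs a non-empty label
    # Partial wildcards such as "ld*" are compared literally, so never match.
    return first == h_labels[0]


def uncovered_names(cert_names, client_names):
    """Names that clients or referrals use which no certificate name covers."""
    return [name for name in client_names
            if not any(cert_name_matches(c, name) for c in cert_names)]


# Name from the message above.
CERT_NAMES = ["*.cbe.cornell.edu"]

# Hypothetical names, constructed for this example.
CLIENT_NAMES = [
    "ldap.cbe.cornell.edu",       # round-robin DNS entry used for queries
    "ldap1.cbe.cornell.edu",      # master's own name, reached via referral
    "cbe.cornell.edu",            # bare domain: the wildcard needs one label
    "ldap.dept.cbe.cornell.edu",  # two labels deep: the wildcard spans one
    "192.0.2.10",                 # client configured with an IP address
]

if __name__ == "__main__":
    for name in CLIENT_NAMES:
        ok = any(cert_name_matches(c, name) for c in CERT_NAMES)
        print(f"{name:28} {'covered' if ok else 'NOT covered'}")
```

Any name reported as not covered will fail certificate verification on a client that checks the server name, so the referral URL on the slave and the client configuration both have to use names one level below the wildcard's domain.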
