Hi,
On Sat, Nov 1, 2008 at 15:42, Steve Thompson smt@vgersoft.com wrote:
Thank you very much Filipe
No problem!
LDAP with SSL is really tricky, as I said I implemented it some months ago, and I'm sure I went through the same issues you are going now.
One thing I did in my setup was to configure the clients to query both LDAP servers. To do that, I created a "star" certificate, like CN=*.cbe.cornell.edu in your case, and then I created a new entry in DNS doing round-robin between both IPs. Queries get split to both servers, and if there is an update that falls on the slave, the referral to the master by its own name will take care of doing the update properly. The star certificate makes sure that connections using any name (the RR or the master's name in case of updates) will match the certificate.
HTH, Filipe