<div>
<p class="MsoNormal">I have two 389 servers and a RHEL 6 sssd-configured client. LDAP and LDAPS authentication is working against these identical DS. My question is centered around client-side certificate handling. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Is it possible to reference multiple server certs from /etc/openldap/cacerts? For example, if my primary server devldaps4901 is unreachable, connect to devldaps4902 using its cert located in /etc/openldap/cacerts (see below)?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am able to fail over manually if I delete the ee8c0644.0 hash and recreate it pointing to devldaps4902, along with an sssd restart. Am I missing something obvious here, or is my approach all wrong? </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thank you, </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Rich,</p>
<p class="MsoNormal">Thanks for the setupssl2.sh script. It worked great!</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ldap_tls_cacertdir = /etc/openldap/cacerts</p>
<p class="MsoNormal">ldap_uri = ldaps://devldaps4901.autotrader.com,ldaps://devldaps4902.autotrader.com</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">[root@rhel6-client cacerts]# ls -l</p>
<p class="MsoNormal">total 8</p>
<p class="MsoNormal">-rw-r--r--. 1 root root 647 Sep 8 16:02 devldaps4901.asc</p>
<p class="MsoNormal">-rw-r--r--. 1 root root 647 Sep 8 16:02 devldaps4902.asc</p>
<p class="MsoNormal">lrwxrwxrwx. 1 root root 16 Sep 8 19:13 ee8c0644.0 -> devldaps4901.asc</p>
<p class="MsoNormal">lrwxrwxrwx. 1 root root 16 Sep 8 19:13 ee8c0644.1 -> devldaps4902.asc</p>
</div>
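As an added example (not code from the thread, nor from 389 or sssd), a POSIX sh script that rebuilds the HASH.N links the listing above relies on, so both servers' certificates stay resolvable through ldap_tls_cacertdir without hand-editing ee8c0644.0. It assumes PEM files named *.asc, *.pem or *.crt, `openssl` on PATH, and the hypothetical function names cert_hash, rehash_cacerts and verify_in_cacerts.

```shell
#!/bin/sh
# Added example: rebuild the OpenSSL-style HASH.N symlinks that a TLS client
# uses to find CA certificates in an ldap_tls_cacertdir directory.
# Assumptions: certs are PEM files named *.asc, *.pem or *.crt, and
# `openssl` is on PATH. All function names here are hypothetical.

# Print the subject-name hash OpenSSL looks up in a CApath directory.
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# rehash_cacerts DIR: drop stale HASH.N links, then link every cert file.
# Certs whose subject DNs hash identically (like ee8c0644.0 and .1 in the
# listing) get the next free suffix instead of overwriting each other, so
# the client can validate whichever server it fails over to.
rehash_cacerts() {
    dir="$1"
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        case "${link##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                rm -f "$link" ;;
        esac
    done
    for cert in "$dir"/*.asc "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        h=$(cert_hash "$cert") || return 1
        n=0
        while [ -e "$dir/$h.$n" ]; do n=$((n + 1)); done
        # Relative link target, as in the listing, so the directory stays portable.
        ln -s "${cert##*/}" "$dir/$h.$n"
    done
}

# verify_in_cacerts DIR CERT: exit 0 if CERT chains to a certificate found
# through DIR's hash links, i.e. what the TLS client does during failover.
verify_in_cacerts() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}
```

The value printed by `openssl x509 -hash` changed between OpenSSL 0.9.8 and 1.0, so links made by an older c_rehash must be regenerated on a 1.0-based host. Running the script twice is safe because stale links are removed before relinking.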