On 14 May 2019, at 18:45, Angel Bosch Mora
<abosch(a)imasmallorca.net> wrote:
hi!
I'm creating my own MMR script and I would like to know if there's any limitation
with the FQDN used in nsslapd-referral as stated in
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
we use a virtual IP/hostname for consumer readonly servers (
ldapr.example.com) and
another one for suppliers writable servers (
ldapw.example.com).
we configure certs using -8 parameter with additional hostnames so client don't
complain about name mismatch but I'm not sure if we can find any other problem
configuring nsslapd-referral with this virtual name instead of real hostname.
any advice?
Do you have load balancers in here at all? Or is it just directly accessible servers? What
does the TLS termination?
Provided the value you supply to nsslapd-referral is in the SAN of the cert, this should
have no issues.
If you have load balancers/VIP involved, you should set the nsslapd-referral to the
hostname of the load balancer/VIP, rather than to individual servers, and all certs must
have the SAN for the LB/VIP in them.
Does that help?
abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer
annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir
informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a
terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que
s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu
immediatament a l'adreca electronica de la persona remitent.
-- Abans d'imprimir aquest missatge, pensau si es realment necessari.
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs