After having read through the Howto:SSL document on the 389 wiki, I went
ahead and set up SSL for my master instance - it works great, and I
couldn't be happier. :)

I have a slave set up to do read-only replication from the master; now,
the wiki document has information on how to integrate the certificate
into a slave so that the replication can occur over SSL, which I'll no
doubt do, but that's not what I'm looking for advice on now.

What I'm interested in is actually duplicating the new SSL setup that
currently exists on the master. I realise that this sounds funny, but
the reason is simple: in our environment, all of the clients and
LDAP-aware applications are configured to send requests to a given
hostname (which is not the base FQDN of the LDAP server - it's another,
separate hostname entirely). If the master goes down, the slave
automatically has this separate hostname assigned to it.

(Put another way, it's a sort of poor-man's failover. It's far from
perfect, and everybody knows it, but that's what's there, so for now we
live with it. :P )

What I would appear to need, therefore, is to have the slave be able to
respond to incoming SSL requests with exactly the same credentials as
the master. Is this even possible, and if so, how would I go about
doing it?

Thank you, all.
Daniel Maher <dma + 389users AT witbe DOT net>