[389-users] duplicate existing ssl credentials on another server ?

Daniel Maher dma+389users at witbe.net
Tue Nov 9 14:58:06 UTC 2010


Hello,

After having read through the Howto:SSL document on the 389 wiki, i went 
ahead and set up SSL for my master instance - it works great, and i 
couldn't be happier. :)

I have a slave set up to do read-only replication from the master ; now, 
the wiki document has information on how to integrate the certificate 
into a slave so that the replication can occur over SSL, which i'll no 
doubt do, but that's not what i'm looking for advice on now.

What i'm interested in is actually duplicating the new SSL setup that 
currently exists on the master.  I realise that this sounds funny, but 
the reason is simple : in our environment, all of the clients and 
LDAP-aware applications are configured to send requests to a given 
hostname (which is not the base FQDN of the LDAP server - it's another, 
separate hostname entirely).  If the master goes down, the slave 
automatically has this separate hostname assigned to it.

(Put another way, it's a sort of poor-man's failover.  It's far from 
perfect, and everybody knows it, but that's what's there, so for now we 
live with it. :P )

What i would appear to need, therefore, is to have the slave be able to 
respond to incoming SSL requests with exactly the same credentials as 
the master.  Is this even possible, and if so, how would i go about 
doing it ?

Thank you, all.


-- 
Daniel Maher <dma + 389users AT witbe DOT net>


