[389-users] SSL - Multiple Server Certs

Tom Tucker tktucker at gmail.com
Sun Sep 9 01:29:20 UTC 2012


I have two 389 servers and a RHEL 6 sssd configured client.  LDAP and LDAPS
authentication is working against these identical DS.  My question is
centered around client side certificate handling.

Is it possible to reference multiple server certs from
/etc/openldap/cacerts?  For example, if my primary server devldaps4901 is
unreachable, connect to devldaps4902 using its cert located in
/etc/openldap/cacerts (see below)?

I am able to fail over manually if I delete the ee8c0644.0 hash and
recreate it pointing to devldaps4902 along with an sssd restart.  Am I
missing something obvious here or is my approach all wrong?

Thank you,

Rich,

Thanks for the setupssl2.sh script.  It worked great!

ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_uri = ldaps://devldaps4901.autotrader.com,ldaps://devldaps4902.autotrader.com

[root@rhel6-client cacerts]# ls -l
total 8
-rw-r--r--. 1 root root 647 Sep  8 16:02 devldaps4901.asc
-rw-r--r--. 1 root root 647 Sep  8 16:02 devldaps4902.asc
lrwxrwxrwx. 1 root root  16 Sep  8 19:13 ee8c0644.0 -> devldaps4901.asc
lrwxrwxrwx. 1 root root  16 Sep  8 19:13 ee8c0644.1 -> devldaps4902.asc
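The directory listing in the post shows the situation the question is really about: two server certificates whose subjects hash to the same value, so the OpenSSL-style hash links have to be numbered ee8c0644.0 and ee8c0644.1 rather than overwriting each other, and they have to be regenerated whenever a certificate file is swapped. The script below is an added example written for this thread; it is not code from the post, from sssd or from the 389 project. It rebuilds the numbered hash links in a cacerts-style directory the way c_rehash does, giving colliding hashes consecutive suffixes, and lists what each link resolves to so a dangling or stale link is easy to spot. It assumes the certificates are PEM files named *.asc, *.pem or *.crt and that the `openssl` binary is on PATH; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild hash links in a
# TLS CA certificate directory such as /etc/openldap/cacerts.
# Assumptions: PEM certificates end in .asc, .pem or .crt, and openssl's
# subject_hash is the hash the TLS library looks up (c_rehash convention).

# Print the subject hash of one PEM certificate (openssl's own computation).
subject_hash() {
    openssl x509 -noout -subject_hash -in "$1"
}

# Smallest n such that "$1/$2.n" does not exist yet, so two certificates
# with the same subject hash get .0 and .1 instead of clobbering each other.
next_free_suffix() {
    n=0
    while [ -e "$1/$2.$n" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# Drop every existing hash symlink, then recreate one per certificate.
# Prints the number of links created.
rehash_dir() {
    dir=$1
    for link in "$dir"/*.[0-9] "$dir"/*.[0-9][0-9]; do
        [ -L "$link" ] && rm -f "$link"
    done
    count=0
    for cert in "$dir"/*.asc "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        hash=$(subject_hash "$cert") || {
            echo "skipping $cert: not a PEM certificate" >&2
            continue
        }
        n=$(next_free_suffix "$dir" "$hash")
        ln -s "$(basename "$cert")" "$dir/$hash.$n"
        count=$((count + 1))
    done
    echo "$count"
}

# Show each hash link and its target; a link whose target is missing is
# reported as DANGLING so a removed or renamed certificate file is noticed.
list_links() {
    for link in "$1"/*.[0-9]*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        if [ -e "$link" ]; then
            printf '%s -> %s\n' "$(basename "$link")" "$target"
        else
            printf '%s -> %s (DANGLING)\n' "$(basename "$link")" "$target"
        fi
    done
}

# Usage: ./rehash-cacerts.sh /etc/openldap/cacerts
if [ "$#" -gt 0 ]; then
    echo "created $(rehash_dir "$1") hash link(s) in $1"
    list_links "$1"
fi
```

Run it after adding or replacing a server certificate in the directory, then restart sssd as the post does; an entry marked DANGLING in the listing means the link still points at a file that is no longer there.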