On Tue, Aug 17, 2010 at 09:37:24AM -0430, Jose Ildefonso Camargo Tolosa wrote: > Hi! > > On Mon, Aug 16, 2010 at 9:23 PM, Simon Horman <[email protected]> wrote: > > On Fri, Aug 13, 2010 at 11:09:54AM -0430, Jose Ildefonso Camargo Tolosa > > wrote: > > > > [ snip ] > >> > >> Nothing new, except, maybe, the replication thing, Cyrus suggest the > >> use of Perdition (which can be very problematic, specially with > >> SSL/TLS related issues). > > > > Could you be more specific about what SSL/TLS (or other) issues you are > > concerned about? It would be good to get them fixed. > > Concerned?... not anymore, I solved them when I had the issues, but it > involved: > > 0. Make my LDAP server use LDAPv2 (actually, I created a replica on > the perdition server, and made *that one* accept LDAPv2). > 1. Make perdition use ssl_outgoing/tls_all while connecting to real > server (because real server *required* SSL/TLS). This was a clearly > necessary step. > 2. Make perdition ssl_no_cn_verify, because the certificate > verification failed from perdition to the real server (server was > valid, signed with internal CA, with correct name, but perdition > complained on cert, so, I just enabled this). This bothered my a > little, but fortunately perdition had an option for it. > 3. Copy the capability string from real server to perdition's > imap_capability option, because some IMAP clients failed (I remember > eGroupWare's IMAP client, at the moment), so, not just a plain copy, I > had to remove a couple of options from the string. > > I just took that from my Jun 2009 notes, when I had to implement it. > > I just found perdition to be, maybe, too problematic, that's why I > have been trying to get the time to make Dovecot's proxy capabilities > work (which looks promising). Also, back then, perdition looked a > little abandoned (2 years since last release, back then, 1.17.1 was > the latest release). I see there have been serious work on it > recently so: that's good.
There was a period of little activity, but that is no longer the case. I am certainly all ears with regards to making the current code better. _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
