I use a cert with the VIP used by clients, and the hostnames used between the servers, all set up in the subjectAltName of the certificate.
From: openldap-technical [mailto:[email protected]] On Behalf Of coma
Sent: Tuesday, December 09, 2014 1:13 PM
To: Michael Ströder
Cc: [email protected]
Subject: Re: N-Way multimaster Replication with TLS and multiple server certificates

Hello,

ok thank you. Just wanted to know if there was an alternative, now I know there are none! I will do as Quanah and you said.

Thanks again for your responsiveness!

2014-12-09 20:55 GMT+01:00 Michael Ströder <[email protected]>:

coma wrote:
> My problem is that cn=config is replicated on all servers, including
> TLSCertificateFile and TLSCertificateKeyFile... therefore the replication
> is obviously not working (the certificate and key path of the first server are
> replicated on the second server).
>
> I know there are some solutions to work around this "issue", like:
> - Don't replicate cn=config
> - Use the same certificate and key for all servers
> - Use the same certificate and key path in cn=config (ex:
> /etc/openldap/cert/common_cert_name.pem and
> /etc/openldap/cert/common_cert_name.key) and then make symlinks to the
> correct files on the local server

..or directly place the correct files to the same certificate and key path.

Yes, that's what ansible/puppet/chef/name-your-favourite-config-management-tool is for.

Ciao, Michael.
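A per-replica sanity check for the shared-path workaround discussed in this thread, added here as an example (it is not code from the thread or from the OpenLDAP project): it verifies that real files sit behind the common cn=config paths on the local host, that the key is private and matches the certificate, and that the certificate's subjectAltName covers both the local hostname and the client-facing VIP, as the first reply describes. Assumed: the paths quoted in the thread, openssl on PATH, and `hostname -f` as the name the other replicas use for this host.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check one replica after the
# "same TLS paths in cn=config, different files behind them" workaround.
# Assumes the paths quoted in the thread, openssl in PATH, and that the
# local name used by the other replicas is what `hostname -f` returns.

CERT=/etc/openldap/cert/common_cert_name.pem   # TLSCertificateFile
KEY=/etc/openldap/cert/common_cert_name.key    # TLSCertificateKeyFile

# san_has_name SAN_LINE NAME
# SAN_LINE is the list openssl prints for subjectAltName, e.g.
# "DNS:ldap1.example.com, IP Address:10.0.0.5". Succeeds only if NAME is
# present as an exact DNS or IP entry (no wildcard or substring matching).
san_has_name() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//' |
        sed -e 's/^DNS://' -e 's/^IP Address://' | grep -qxF -- "$2"
}

# cert_san FILE: print the subjectAltName entries of a PEM certificate.
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1
}

# check_replica VIP: return 0 only if the files behind the common paths
# exist on this host, the key is private and matches the cert, and the
# cert's SAN covers both this host's FQDN and the VIP clients connect to.
check_replica() {
    vip="$1"; host=$(hostname -f); rc=0
    for f in "$CERT" "$KEY"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
    done
    # The path is shared across replicas; the key behind it must not be.
    [ -z "$(find "$KEY" -perm -o+r)" ] || { echo "key is world-readable"; rc=1; }
    [ "$(openssl x509 -in "$CERT" -noout -pubkey)" = \
      "$(openssl pkey -in "$KEY" -pubout 2>/dev/null)" ] ||
        { echo "key does not match certificate"; rc=1; }
    san=$(cert_san "$CERT")
    for name in "$host" "$vip"; do
        san_has_name "$san" "$name" || { echo "SAN lacks $name"; rc=1; }
    done
    return $rc
}

# Usage: sh check_replica.sh <VIP>   (run on every replica after deploying)
if [ $# -eq 1 ]; then check_replica "$1"; fi
```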
