I have two 389 servers and a RHEL 6 sssd-configured client. LDAP and LDAPS
authentication is working against these identical DSs. My question is
centered around client-side certificate handling.
Is it possible to reference multiple server certs from
/etc/openldap/cacerts? For example, if my primary server devldaps4901 is
unreachable, connect to devldaps4902 using its cert located in
/etc/openldap/cacerts (see below)?
I am able to fail over manually if I delete the ee8c0644.0 hash link and
recreate it pointing to devldaps4902, along with an sssd restart. Am I
missing something obvious here, or is my approach all wrong?
Thanks for the setupssl2.sh script. It worked great!
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_uri = ldaps://devldaps4901.autotrader.com,ldaps://
[root@rhel6-client cacerts]# ls -l
-rw-r--r--. 1 root root 647 Sep 8 16:02 devldaps4901.asc
-rw-r--r--. 1 root root 647 Sep 8 16:02 devldaps4902.asc
lrwxrwxrwx. 1 root root 16 Sep 8 19:13 ee8c0644.0 -> devldaps4901.asc
lrwxrwxrwx. 1 root root 16 Sep 8 19:13 ee8c0644.1 -> devldaps4902.asc
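An added example, not code from this thread: a small POSIX sh script that rebuilds the OpenSSL-style <hash>.N links for every PEM file in a cacerts directory, the step the manual ee8c0644.0 edit above does by hand. It assumes the client looks a CA certificate up by the hash of its subject name and tries <hash>.0, <hash>.1, ... in turn (the layout `openssl x509 -hash` and c_rehash produce); the functions next_suffix, link_by_hash and rehash_dir are my own names.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild OpenSSL-style subject-hash
# links in a TLS_CACERTDIR. Two CA certs with the same subject name hash
# to the same value (as ee8c0644 does above), so they must get different
# suffixes instead of one link overwriting the other.
set -eu

# Print the first free suffix N for <hash>.N in dir. A link that already
# points at this file keeps its suffix, so re-running is idempotent.
next_suffix() {
    dir=$1 h=$2 target=$3 n=0
    while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
        if [ "$(readlink "$dir/$h.$n")" = "$target" ]; then
            echo "$n"; return 0
        fi
        n=$((n + 1))
    done
    echo "$n"
}

# Create dir/<hash>.N -> file (a relative link, as in the listing above)
# and print the link name that was created.
link_by_hash() {
    dir=$1 file=$2 h=$3
    n=$(next_suffix "$dir" "$h" "$file")
    ln -sfn "$file" "$dir/$h.$n"
    echo "$h.$n"
}

# Hash every *.asc / *.pem in dir with openssl and link it; certificates
# whose subject hashes collide get ascending suffixes.
rehash_dir() {
    dir=$1
    for f in "$dir"/*.asc "$dir"/*.pem; do
        [ -f "$f" ] || continue
        h=$(openssl x509 -noout -hash -in "$f")
        link_by_hash "$dir" "$(basename "$f")" "$h"
    done
}

# Usage: sh rehash.sh /etc/openldap/cacerts
if [ $# -gt 0 ]; then
    rehash_dir "$1"
fi
```

After rebuilding the links, restart sssd as in the manual procedure so the new trust directory is re-read.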