<HTML> <HEAD> <TITLE>Re: [389-users] SubjectAltName MMR question</TITLE> </HEAD> <BODY> Rich, I specify the individual host’s FQDN in the replication agreement. I use haproxy for LB, so the hosts are in ACTIVE-PASSIVE state. Prashanth Sundaram wrote: <BLOCKQUOTE>Hi All, Which one of the case below is suitable for a Multi-Master replication. I have a load balancer with/ ldap.domain.com,/ which is what clients will use to authenticate. *_Question: _*Which one is a better implementation? What are the trade-offs? Please input your feedback as it might be useful for someone coming this way later. This can serve as a knowledge bank. Case-I ldap01: server-cert with cn=ldap01.domain.com, subjAltName=ldap.domain.com ldap02: server-cert with cn=ldap02.domain.com, subjAltName=ldap.domain.com -MMR with tls throws error when “*Check hostname against name in certificate for outbound SSL connections”* option is enabled. But RH recommends it to be turned ON. </BLOCKQUOTE>What is the FQDN you specified in the replication agreement? <BLOCKQUOTE> Case-II ldap01: server-cert with cn=ldap.domain.com, subjAltName=ldap01.domain.com, ldap02.domain.com ldap01: server-cert with cn=ldap.domain.com, subjAltName=ldap01.domain.com,ldap02.domain.com -Does not comply with the requirement that “server-cert” should have hostname as cn.I found this method working perfectly fine. *Knowledge Sharing: *Here’s a useful link which I use all the time and look before posting to the list. This is the archive for the mailing list and has /search/ feature which very useful. <a href="http://www.mail-archive.com/fedora-directory-users">http://www.mail-archive.com/fedora-directory-users</a> redhat com/info.html ------------------------------------------------------------------------ -- 389 users mailing list 389-users redhat com <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a> </BLOCKQUOTE> <HR ALIGN=CENTER SIZE="3" WIDTH="100%">[Date Prev <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00006.html">https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00006.html</a>> ][Date Next <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00008.html">https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00008.html</a>> ] [Thread Prev <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00006.html">https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00006.html</a>> ][Thread Next <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00008.html">https://www.redhat.com/archives/fedora-directory-users/2010-January/msg00008.html</a>> ] [Thread Index <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/thread.html#00007">https://www.redhat.com/archives/fedora-directory-users/2010-January/thread.html#00007</a>> ] [Date Index <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/date.html#00007">https://www.redhat.com/archives/fedora-directory-users/2010-January/date.html#00007</a>> ] [Author Index <<a href="https://www.redhat.com/archives/fedora-directory-users/2010-January/author.html#00007">https://www.redhat.com/archives/fedora-directory-users/2010-January/author.html#00007</a>> ] </BODY> </HTML>