utilizing load balancer for LDAP

Peter Schober peter.schober at univie.ac.at
Wed Nov 21 17:05:31 EST 2018

* Robert Rust <robert.j.rust at uwrf.edu> [2018-11-21 22:49]:
> I have a load balancer set up, but it doesn’t do SSL off-loading so
> Shibboleth/ldaptive doesn’t like the fact that the SSL certificate
> doesn’t match the name.

Well, then you simply have a broken TLS server setup, no?
Why should the client go to lengths to avoid tripping over this?

Most LDAP clients set to enforce LDAP+StartTLS or LDAPs will not be
able to tolerate that, so fixing your servers and/or DNS resoution for
these and/or certs (e.g what Ryan just suggested) and/or load balancer
would be spending your time more wisely, IMHO.


More information about the users mailing list