Hi,
Yes, you are right. Ideally, you should point to a cluster or some VIP for AD. Then it should direct your request to any available DC. You can add individual DCs as well on the DE side.
HTH,
Nitin Pande
------------------------------
Support
Broadcom
Toronto
------------------------------
Original Message:
Sent: Jun 17, 2025 07:10 AM
From: Sri Krishna Munjuluri
Subject: ESP dSeries workload automation with LDAP Integration[SSL Enabled] - Certificate Renewal of LDAP Server
Also Sathish, based on our experience, we got a suggestion from our LDAP team to use the domain name to establish the connection instead of explicitly adding individual domain controllers, as it is the functionality of the domain to redirect connections to an active domain controller.
Nitin can comment.
Original Message:
Sent: May 23, 2025 01:25 PM
From: Sathish Kumar R
Subject: ESP dSeries workload automation with LDAP Integration[SSL Enabled] - Certificate Renewal of LDAP Server
Hi Team,
We have configured CA Scheduler with LDAP integration [SSL Enabled].
We have high availability with 4 AD/LDAP servers; for each we have created a separate authentication system, for a total of 5 authentication systems with one LB connection.
Now, out of the 4 servers, the certificate was renewed for 2 LDAP servers, so I can remove/delete the old certs and import the new renewed certs into the keystore, right?
So, the next time CA connects to the authentication system of either of these 2 servers whose certs were renewed, it will work with the new certs, right? Or do I have to consider any other steps?
Your response is much appreciated, Thank you.