
Re: Change over to anonymous binds



Rather than doing this, can I just add another certificate to the certificate file that has the correct settings or turn off ssl for just the client on the server? The problem is that my server is also my gateway and I need an actual name daemon on it. Every time I try to replace the localhost IP of the server with the FQDN I get all kinds of trouble. It will spontaneously drop to runlevel 3 on bootup for example or take several minutes to log anyone in. I've tried various means of testing this but all indications are that DNS is configured correctly.

Also, I cannot seem to make permanent alterations to the resolv.conf file. Every time I reboot it, it just goes back to what it was previously. I've even tried changing settings in various files under /etc/sysconfig. No dice.

Tony Earnshaw wrote:

Sun, 2002-08-18 at 13:56, paul wrote:

Clue please?


Use FQDN instead of 127.0.0.1. If you're using ssl with a self signed certificate, the HOST entry in ldap.conf should be the same as the CommonName field in the cert.


Seconded. What I'm doing now is known in English English as "picking up fag ends" which means "picking up half smoked cigarette ends", which means "picking up trails half way through", which is what I'm doing here.

I don't use Solaris for ldap, but everything you describe and want,
works perfectly for me under Linux.

I have to have "localhost" in the certificates. Some things work if I
have "127.0.0.1", others not. "localhost." (note the dot) works in some
cases, some not. "localhost" works perfectly (no dot!).

I have a caching nameserver on a dialup connection. My domain is
billy.demon.nl, which isn't always on line. "localhost" gets translated
by my resolver to "localhost.demon.nl". If I don't have a DNS zone
"localhost.demon.nl" for which my node is authoritative, I have to wait
a   * l o n g *   time for every single thing I do.

So I don't just have the standard BIND zone localhost.zone, but I also
have billy.zone, which makes me authoritative for localhost.demon.nl .

Then there's absolutely no wait.

Best,

Tony
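
Added example, not part of the original thread: a small checker for the rule quoted above, that the HOST entry in ldap.conf should be the same as the CommonName in the certificate. It assumes the CN has already been read from the cert (for instance with `openssl x509 -noout -subject`), treats only an exact case-insensitive match as good, and uses a constructed sample config; the function names are hypothetical.

```python
import re

def ldap_conf_hosts(conf_text):
    """Return the host names named by HOST and URI directives in ldap.conf text."""
    hosts = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword, values = parts[0].upper(), parts[1:]
        if keyword == "HOST":
            # HOST takes space-separated name[:port] entries
            hosts += [v.rsplit(":", 1)[0] for v in values]
        elif keyword == "URI":
            for v in values:
                m = re.match(r"ldaps?://([^/:]+)", v, re.I)
                if m:
                    hosts.append(m.group(1))
    return hosts

def check_against_cn(conf_text, cert_cn):
    """Map each configured host to a verdict against the certificate CN."""
    cn = cert_cn.lower()
    results = {}
    for host in ldap_conf_hosts(conf_text):
        if host.lower() == cn:
            results[host] = "ok"
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            # an address such as 127.0.0.1 will not equal a CN that is a name
            results[host] = "mismatch: IP literal"
        elif host.rstrip(".").lower() == cn:
            # "localhost." versus "localhost": the thread reports mixed results
            results[host] = "mismatch: trailing dot"
        else:
            results[host] = "mismatch: different name"
    return results

# Constructed sample config (assumption, not taken from the thread)
SAMPLE_CONF = """\
# client settings
HOST 127.0.0.1 localhost. localhost:636
URI ldaps://ldap.example.com:636
"""

if __name__ == "__main__":
    for host, verdict in check_against_cn(SAMPLE_CONF, "localhost").items():
        print(f"{host:20} {verdict}")
```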