Re: [SOLVED] Re: multiple servers in DNS and TLS
manu@netbsd.org (Emmanuel Dreyfus) writes:
> Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>
>> > Is there some kind of trick to get this done properly?
>> Use a cert with a correct subjectAltName, or a wildcard cert.
>
> For future reference:
>
> Assuming we have in the DNS the following RR:
> foo IN A 192.0.2.11
> bar IN A 192.0.2.12
> ldap 1 IN A 192.0.2.11
> ldap 1 IN A 192.0.2.12
>
> Create certificate for foo:
> subjectAltName=DNS:ldap.example.net,DNS:foo.example.net
> CN=ldap.example.net
>
> Create certificate for bar:
> subjectAltName=DNS:ldap.example.net,DNS:bar.example.net
> CN=ldap.example.net
I know that the subjectAltName type DNS is recommended, but RFC 4513
refers to type dNSName. Is there any reason that OpenLDAP requires
type DNS?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
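Added example, not code from this thread: the client-side identity check that makes the two-certificate scheme quoted above work for a round-robin name, following RFC 4513 section 3.1.3 (dNSName entries in subjectAltName are the identity source, the CN is a deprecated fallback, a wildcard is only honored as the whole leftmost label). Certificates are modelled as plain dicts, constructed to mirror the foo and bar certificates in the thread, rather than parsed X.509 objects.

```python
"""Server identity check for an LDAP round-robin name (RFC 4513 3.1.3).

The certificate dicts are constructed stand-ins, not real certificates.
"""

# Constructed stand-ins for the two certificates proposed in the thread:
# both carry the shared name ldap.example.net plus the individual host name.
FOO_CERT = {"cn": "ldap.example.net",
            "san_dns": ["ldap.example.net", "foo.example.net"]}
BAR_CERT = {"cn": "ldap.example.net",
            "san_dns": ["ldap.example.net", "bar.example.net"]}
# Constructed: a per-host certificate with only a CN and no subjectAltName,
# the situation that makes connections to the round-robin name fail.
CN_ONLY_FOO = {"cn": "foo.example.net", "san_dns": []}

# The round-robin record "ldap" resolves to both hosts; map each address
# to the certificate the server there presents (constructed).
ROUND_ROBIN = {"192.0.2.11": FOO_CERT, "192.0.2.12": BAR_CERT}


def dns_name_matches(reference, connected_name, allow_wildcard=True):
    """Compare one certificate name with the name the client connected to.

    Comparison is case-insensitive. A '*' is accepted only as the entire
    leftmost label (RFC 4513 3.1.3.1); a CN is compared without wildcards.
    """
    ref = reference.lower().rstrip(".").split(".")
    host = connected_name.lower().rstrip(".").split(".")
    if len(ref) != len(host):
        return False
    if allow_wildcard and ref[0] == "*" and len(ref) > 1:
        return ref[1:] == host[1:]
    return ref == host


def server_identity_ok(cert, connected_name):
    """Accept the certificate only if it names the host the client used.

    dNSName SAN entries are the identity source; the CN is consulted only
    when the certificate carries no dNSName at all (RFC 4513 allows the CN
    as a deprecated fallback; RFC 6125 makes ignoring it mandatory).
    """
    if cert["san_dns"]:
        return any(dns_name_matches(n, connected_name) for n in cert["san_dns"])
    return dns_name_matches(cert["cn"], connected_name, allow_wildcard=False)


def round_robin_ok(servers, connected_name):
    """True only if every server behind the name presents a matching cert,
    so the client is safe whichever address the resolver hands it."""
    return all(server_identity_ok(c, connected_name) for c in servers.values())
```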