
Re: (ITS#7045) "ldapsearch -Z" should continue using TLS one cert mis-match



On Monday, 19 September 2011 02:41:30 Jason_Haar@trimble.com wrote:

> 
> (I'm using ldapsearch to dump Active Directory LDAP data via the DNS
> round-robin entry for the domain name: as such the LDAP host *never*
> matches the hostname DNS round-robin gives back - and I don't care - I
> just don't want the network group sniffing my password ;-)

Then your 'Active Directory' servers should have subjectAltName extensions for 
the DNS round-robin hostname ...
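
Added example, not part of the original thread: a simplified sketch of the dNSName comparison (in the style of RFC 6125) that a TLS client makes between the name it was told to connect to and the certificate's subjectAltName entries. It shows why the round-robin name fails against a certificate that lists only the server's own hostname and passes once that name is added as a SAN. All hostnames and the `san_matches` helper are constructed for illustration.

```python
# Simplified dNSName matching between the reference name (what the client was
# asked to connect to) and the dNSName SAN entries of the server certificate.
# Hostnames below are constructed sample values, not taken from the thread.

def san_matches(reference, san_dns_names):
    """Return True if `reference` is covered by at least one dNSName entry."""
    ref = reference.rstrip(".").lower().split(".")
    for san in san_dns_names:
        pat = san.rstrip(".").lower().split(".")
        if len(pat) != len(ref):
            continue  # a wildcard stands for exactly one label
        if "*" in pat[1:]:
            continue  # wildcard is only honoured as the left-most label
        # Left-most label: literal match or a whole-label "*".
        # Partial wildcards such as "dc*" are treated as literals here.
        if pat[0] not in ("*", ref[0]):
            continue
        if pat[1:] == ref[1:]:
            return True
    return False

ROUND_ROBIN = "corp.example.com"  # constructed: the DNS round-robin name

# Certificate that names only the individual server.
DC_ONLY = ["dc1.corp.example.com"]
# Same certificate reissued with the round-robin name as an extra SAN.
WITH_ROUND_ROBIN = ["dc1.corp.example.com", "corp.example.com"]
# A wildcard for the hosts under the domain does not cover the bare domain.
WILDCARD_ONLY = ["*.corp.example.com"]

def demo():
    return {
        "dc_only": san_matches(ROUND_ROBIN, DC_ONLY),
        "with_round_robin": san_matches(ROUND_ROBIN, WITH_ROUND_ROBIN),
        "wildcard_only": san_matches(ROUND_ROBIN, WILDCARD_ONLY),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'MISMATCH'}")
```
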