[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Additional bug in OpenLDAP TLS code

--On Wednesday, May 10, 2017 11:19 PM +0200 Michael Ströder <michael@stroeder.com> wrote:

Quanah Gibson-Mount wrote:
Attempting to connect via ldapsearch to ldap:// and initiate
startTLS will fail, as the IP gets mapped to "localhost", and then the
FQDN check fails.

Yes, this is a bug. Especially since the mapping to "localhost" does not
have a trustable source for this mapping.

Bah, never mind. I had a runaway slapd with old cert info running. It does work in this scenario correctly.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: