Re: SSL and openldap 2.0.14



On Tue, Sep 11, 2001 at 02:15:38PM -0400, Justin Hahn wrote:
> > Are you using FQDN to connect to the server?
> 
> Not always. The server is accessed through a couple CNAMEs as well... This
> seems to explain the behavior. 
> 
> I wish the local portion of the domain name would work when the local domain
> is configured for a host. I.E. if my domain is localdomain.net and my ldap
> server is ldap00 I'd have expected it to fully qualify the name to
> ldap00.localdomain.net if I only specify ldap00 - but I can live with it if
> it won't.
> 
> Oh well, a little network reconfiguration is due I guess.

If your configuration is correct, it should be able to resolve the
address of the server without using FQDN. So simply ldap00 should
work when not using SSL at least. I suppose the problem is that it
must match the common name of the certificate. For security reasons
I think it might be best to not rely on search path anyway.

Stig
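
Added example (not part of the original message and not OpenLDAP's code): a simplified model of the server-name check discussed above, showing why the short name and a CNAME alias fail against a certificate issued for the FQDN. The alias directory.localdomain.net and all function names are assumptions made for illustration.

```python
# Added illustration: simplified TLS server-name check (not OpenLDAP's code).
# The client compares the name the user typed against the names in the
# certificate; resolver search paths and CNAME targets play no part.

def name_matches(requested: str, cert_name: str) -> bool:
    """Case-insensitive match with a single leftmost-label wildcard."""
    req = requested.rstrip(".").lower().split(".")
    pat = cert_name.rstrip(".").lower().split(".")
    if len(req) != len(pat):
        return False  # a short name never equals a fully qualified one
    if pat[0] == "*" and len(pat) > 2:
        return req[0] != "" and req[1:] == pat[1:]
    return req == pat


def verify_server_name(requested: str, cert_names: list[str]) -> bool:
    """True if the requested name matches any name the certificate carries."""
    return any(name_matches(requested, n) for n in cert_names)


def audit(requested_names, cert_names):
    """Map each name a client might use to whether the check passes."""
    return {n: verify_server_name(n, cert_names) for n in requested_names}


# Constructed sample data. ldap00 and localdomain.net come from the thread;
# the alias "directory.localdomain.net" is a hypothetical CNAME.
CLIENT_NAMES = ["ldap00", "ldap00.localdomain.net", "LDAP00.LocalDomain.NET",
                "directory.localdomain.net"]
CERT_CN_ONLY = ["ldap00.localdomain.net"]
CERT_WITH_ALIAS = ["ldap00.localdomain.net", "directory.localdomain.net"]

if __name__ == "__main__":
    for label, names in (("CN only", CERT_CN_ONLY),
                         ("with alias", CERT_WITH_ALIAS)):
        print(label)
        for name, ok in audit(CLIENT_NAMES, names).items():
            print(f"  {name:28} {'match' if ok else 'MISMATCH'}")
```

Listing an alias in the certificate makes that alias verifiable, but the bare ldap00 still fails, which is consistent with the advice above not to rely on the search path.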