Re: Perplexed

Fri, 2002-08-09 at 21:44, Caylan Van Larson wrote:
> > >"Never use IP numbers for hostnames, always use FQDNs". Well, for me
> > >TLS/SSL only works with my IP number (, not localhost. or
> > >'uname -n' - the FQDN "billy.demon.nl". 

> I think you are having because the certificates you create must be for the 
> fqdn you are addressing in ldap.conf.

My fqdn is "localhost. " Because my notebook is not on the internet the
whole time. When it *is* on the Internet, it suddenly becomes
billy.demon.nl with a static ppp0 IP number, known on the Internet. If I
try with "localhost.", which is what my BIND DNS and /etc/hosts know,
ldap with TLS doesn't work with any sort of an fqdn. It does work with

> This means that if on your client 
> machine /etc/ldap.conf points to your ldap server at ldap.domain.com your 
> certificates must be for ldap.domain.com.  If they differ ssl/tls will puke.

Yes, basically that's what I discovered. The point is, that it is not
possible to give a FQDN; I have to give an IP number. Otherwise it
doesn't work. Believe me, I've tried everything else :-)

My question was: Why does everyone tell me not to do this (otherwise
nothing will work) and for me this is the only thing that works?




Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telephone:	(+31) (0)172 530428
Mobile:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

Attachment: signature.asc
Description: This is a digitally signed message part
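
The name check discussed in the quoted reply (the host configured on the client must be one of the names in the server certificate), as an added example that is not part of the original message and is not OpenLDAP's code. It is a simplified model; the function names, the sample name lists and the address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(host, pattern):
    """Case-insensitive DNS comparison; '*' may stand for the left-most label only."""
    host = host.rstrip(".").lower()        # "name." and "name" are the same host
    pattern = pattern.rstrip(".").lower()
    if not host or not pattern:
        return False
    h_labels, p_labels = host.split("."), pattern.split(".")
    if len(h_labels) != len(p_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and never a bare two-label domain.
        return len(p_labels) > 2 and h_labels[1:] == p_labels[1:]
    return h_labels == p_labels

def name_matches(configured_host, cert_names):
    """True if the host the client was told to contact is one of the certificate's names."""
    host_ip = _as_ip(configured_host)
    for name in cert_names:
        name_ip = _as_ip(name)
        if host_ip is not None:
            # An IP number in the client config only matches an IP number in the certificate.
            if name_ip is not None and name_ip == host_ip:
                return True
        elif name_ip is None and _dns_match(configured_host, name):
            return True
    return False

# Constructed sample data: names a server certificate might carry.
CERT_FOR_NAME = ["ldap.domain.com"]   # hostname used in the quoted reply
CERT_FOR_IP = ["192.0.2.10"]          # documentation address, not taken from the thread

if __name__ == "__main__":
    for host in ("ldap.domain.com", "LDAP.Domain.Com.", "localhost", "192.0.2.10"):
        print(host, name_matches(host, CERT_FOR_NAME), name_matches(host, CERT_FOR_IP))
```

Running the block prints, for each client-side host value, whether it would be accepted against a certificate issued for the name and against one issued for the IP number.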