Re: Problems with multiple DNS names in cert.
[ Tony Earnshaw ]
> Thu, 2003-03-27 at 12:07, Mathias Meisfjordskar wrote:
> > beeblebrox.uio.no# /ldap/usr/bin/ldapsearch -x -h bb.uio.no -ZZ -s base -d -1
> > ldap_connect_to_host: TCP bb.uio.no:389
> > ...
> > ldap_int_sasl_open: host=beeblebrox.uio.no
> Your network admin has very obligingly put your machine directly on
> the Internet and arranged DNS for it.
Yes, he (I) did. :)
> bb.uio.no is a nickname for beeblebrox.uio.no. You asked ldapsearch
> to connect to the nickname, not the canonical name. They are not the
> same as far as the cert is concerned.
No, but the
X509v3 Subject Alternative Name:
in my .crt should fix that. From all the docs I've read, this should
work. It has worked, in the past.
> Also, have a look at /etc/hosts and /etc/nsswitch.conf (if you have
> that last one), to see that the latter's hosts entry agrees with
> what you have in the hosts file.
127.0.0.1 localhost.localdomain localhost
shadow: files nis
hosts: files dns nis
services: files nis
networks: nis [NOTFOUND=continue] files
protocols: nis [NOTFOUND=continue] files
rpc: nis [NOTFOUND=continue] files
ethers: nis [NOTFOUND=continue] files
netmasks: nis [NOTFOUND=continue] files
bootparams: nis [NOTFOUND=continue] files
publickey: nis [NOTFOUND=continue] files
automount: files nis
aliases: files nis
Howard Chu said it was a client problem, but if the server supports
DNS-aliases, why shouldn't the client (bundled with OpenLDAP) do the
same? I guess I'm missing something here, but I can't figure out what.
Is it a problem with reverse DNS lookups? I don't know.
Thanks again for answering.
"If it works; HIT IT AGAIN!"
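
Added example (not part of the original message and not OpenLDAP's client code): a sketch of RFC 6125-style host name checking, in which the name compared against the certificate is the one the user asked for (bb.uio.no), so a certificate listing both names as subjectAltName dNSName entries covers either. The function names and the certificate contents are constructed for illustration.

```python
# Added illustration: RFC 6125-style matching of a requested host name
# against the names in a certificate. All certificate contents below are
# constructed sample data, not taken from the poster's real certificate.

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower()

def dns_name_matches(pattern, host):
    """Match one dNSName (optionally '*.' wildcard) against a host name."""
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, never a bare TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches_host(host, san_dns, subject_cn=None):
    """True if `host` (the name the user asked for) is covered by the cert.

    If any dNSName SAN is present, the subject CN is ignored.
    """
    if san_dns:
        return any(dns_name_matches(n, host) for n in san_dns)
    return subject_cn is not None and dns_name_matches(subject_cn, host)

# Constructed certificates for the two host names used in the thread.
CERT_WITH_ALIAS = {"cn": "beeblebrox.uio.no",
                   "san": ["beeblebrox.uio.no", "bb.uio.no"]}
CERT_CN_ONLY = {"cn": "beeblebrox.uio.no", "san": []}

def check(host, cert):
    return cert_matches_host(host, cert["san"], cert["cn"])

if __name__ == "__main__":
    for host in ("bb.uio.no", "beeblebrox.uio.no", "BB.UIO.NO."):
        print(host, check(host, CERT_WITH_ALIAS), check(host, CERT_CN_ONLY))
```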