Re: Problems with multiple DNS names in cert.



[ Tony Earnshaw ]

> tor, 2003-03-27 kl. 12:07 skrev Mathias Meisfjordskar:
> 
> > beeblebrox.uio.no# /ldap/usr/bin/ldapsearch -x -h bb.uio.no -ZZ -s base -d -1
> > 
> > ldap_connect_to_host: TCP bb.uio.no:389
> > ...
> > ldap_int_sasl_open: host=beeblebrox.uio.no
> 
> Your network admin has very obligingly put your machine directly on
> the Internet and arranged DNS for it.

Yes, he (I) did. :)

> bb.uio.no is a nickname for beeblebrox.uio.no. You asked ldapsearch
> to connect to the nickname, not the canonical name. They are not the
> same as far as the cert is concerned.

No, but the 

            X509v3 Subject Alternative Name: 
                DNS:bb.uio.no

in my .crt should fix that. From all the docs I've read, this should
work. It has worked, in the past. 

ref.
http://www.openldap.org/doc/admin21/tls.html
ftp://ftp.isi.edu/in-notes/rfc2830.txt

> Also, have a look at /etc/hosts and /etc/nsswitch.conf (if you have
> that last one), to see that the latter's hosts entry agrees with
> what you have in the hosts file.

/etc/hosts:
127.0.0.1               localhost.localdomain localhost
129.240.10.17           beeblebrox.uio.no

/etc/nsswitch.conf:
passwd:     compat
shadow:     files nis
group:      files

hosts:      files dns nis
netgroup:   nis

services:   files nis
networks:   nis [NOTFOUND=continue] files
protocols:  nis [NOTFOUND=continue] files
rpc:        nis [NOTFOUND=continue] files
ethers:     nis [NOTFOUND=continue] files
netmasks:   nis [NOTFOUND=continue] files     
bootparams: nis [NOTFOUND=continue] files
publickey:  nis [NOTFOUND=continue] files

automount:  files nis
aliases:    files nis


Howard Chu said it was a client problem, but if the server supports
DNS-aliases, why shouldn't the client (bundled with OpenLDAP) do the
same? I guess I'm missing something here, but I can't figure out what. 

Is it a problem with reverse DNS lookups? I don't know. 

Thanks again for answering.

--
Regards,
Mathias Meisfjordskar
GNU/Linux addict.

"If it works; HIT IT AGAIN!"
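
Added example (not part of the original message, and not OpenLDAP's code): a minimal RFC 2830 section 3.6 style server identity check, showing that the outcome depends on whether the client compares the name given to -h or a canonicalised name. The subject CN and the cn_fallback switch are assumptions made for illustration.

```python
# Added example, not OpenLDAP code. Only bb.uio.no, beeblebrox.uio.no and the
# SAN entry DNS:bb.uio.no come from the message; the subject CN is assumed.

def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand only for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.uio.no' must not match 'uio.no' or 'a.b.uio.no'
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def identity_matches(checked_name, san_dns, subject_cn, cn_fallback=False):
    """RFC 2830 section 3.6 style check.

    A dNSName subjectAltName, when present, is the source of the server's
    identity. cn_fallback=True models a laxer client that also tries the
    subject CN after the SAN entries fail to match.
    """
    if any(name_matches(s, checked_name) for s in san_dns):
        return True
    if san_dns and not cn_fallback:
        return False
    return subject_cn is not None and name_matches(subject_cn, checked_name)


SAN_DNS = ["bb.uio.no"]            # from the certificate dump in the message
SUBJECT_CN = "beeblebrox.uio.no"   # assumption: the message never shows the CN


def report():
    """Evaluate both candidate names under both client policies."""
    rows = []
    for label, name in (("name typed after -h", "bb.uio.no"),
                        ("canonical name", "beeblebrox.uio.no")):
        for fallback in (False, True):
            ok = identity_matches(name, SAN_DNS, SUBJECT_CN, fallback)
            rows.append((label, name, fallback, ok))
    return rows


if __name__ == "__main__":
    for label, name, fallback, ok in report():
        verdict = "match" if ok else "MISMATCH"
        print(f"{label:20} {name:20} cn_fallback={fallback!s:5} -> {verdict}")
```

RFC 2830 requires the client to compare the host name it used to open the connection, not a canonical or otherwise derived name, which is why the two rows for the canonical name are the ones to look at when a debug trace shows a different host than the one typed.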