
Re: LDAP and SSL



Wed, 01.12.2004 at 00:42, Chasecreek Systemhouse wrote:

> OK, My DN should match my CN.
> 
> dn: dc=debian,dc=insecurity,dc=org
> ...
> dn: cn=admin,dc=debian,dc=insecurity,dc=org
> 
> Is there any reason why a Cert created for debian.insecurity.org
> should NOT work now?
> 
> ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D
> "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H
> ldap://192.168.2.2 -W
> 
> Works as expected; however this still hangs the server:
> 
> ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D
> "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H
> ldaps://192.168.2.2 -W

If slapd is using the resolver, which it is (do an ldd on the binary), it
will go both to your /etc/hosts then to DNS and get two different IP
addresses for the subject CN in the server cert. You shouldn't use the
same hostname for both 192.168.2.2 and 68.214.83.106 - your local LAN
shouldn't be known to the machine as insecurity.org - it's a different
zone. Maybe that's why it's hanging.

Moreover, if it's true (as you wrote in a recent posting) that you're
using OL 2.1.3 (and not 2.1.30), then that's a really buggy version. I
started with 2.1.8 and that was bad enough.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: tonye@billy.demon.nl
http://www.billy.demon.nl
 
They love us, don't they, They feed us, won't they ...
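
The resolver split described in the reply above can be checked offline. This is an added example, not part of the original post: it compares what a hosts file and DNS say about the certificate's subject CN and relates that name to the host in the ldaps:// URI. The hosts-file contents, the DNS answer set and the function names are assumptions built from the names and addresses quoted in the thread.

```python
import ipaddress

# Constructed sample inputs using the names and addresses quoted in the thread;
# the hosts-file layout and the DNS answer set are assumptions for illustration.
HOSTS_TEXT = """\
127.0.0.1    localhost
192.168.2.2  debian.insecurity.org debian   # LAN entry
"""
DNS_ANSWERS = {"debian.insecurity.org": {"68.214.83.106"}}


def parse_hosts(text):
    """Map each name in /etc/hosts-style text to the set of addresses listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no names
        addr = str(ipaddress.ip_address(fields[0]))
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(addr)
    return table


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_server_name(cert_cn, uri_host, hosts_text, dns_answers):
    """Return findings about how cert_cn resolves and how it relates to uri_host."""
    cn = cert_cn.lower().rstrip(".")
    local = parse_hosts(hosts_text).get(cn, set())
    public = set(dns_answers.get(cn, ()))
    findings = []
    if local and public and local != public:
        findings.append(f"split: {cn} is {sorted(local)} in hosts, {sorted(public)} in DNS")
    if is_ip_literal(uri_host):
        findings.append(f"literal: URI host {uri_host} is an address, cert CN is {cn}")
    elif uri_host.lower().rstrip(".") != cn:
        findings.append(f"mismatch: URI host {uri_host} differs from cert CN {cn}")
    return findings


if __name__ == "__main__":
    print(*check_server_name("debian.insecurity.org", "192.168.2.2",
                             HOSTS_TEXT, DNS_ANSWERS), sep="\n")
```

On a live host, the same function can be fed the real /etc/hosts text and the address set returned by a DNS query for the certificate's CN.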