
Re: LDAP and SSL

Wed, 01.12.2004 at 00:42, Chasecreek Systemhouse wrote:

> OK, My DN should match my CN.
> dn: dc=debian,dc=insecurity,dc=org
> ...
> dn: cn=admin,dc=debian,dc=insecurity,dc=org
> Is there any reason why a Cert created for debian.insecurity.org
> should NOT work now?
> ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D
> "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H
> ldap:// -W
> Works as expected; however this still hangs the server:
> ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D
> "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H
> ldaps:// -W

If slapd is using the resolver, which it is (do an ldd on the binary), it
will go both to your /etc/hosts then to DNS and get two different IP
addresses for the subject CN in the server cert. You shouldn't use the
same hostname for both and your local LAN shouldn't be known to the
machine as insecurity.org - it's a different zone. Maybe that's why
it's hanging.

Moreover, if it's true (as you wrote in a recent posting) that you're
using OL 2.1.3 (and not 2.1.30), then that's a really buggy version. I
started with 2.1.8 and that was bad enough.


Nothing sucksseeds like a pigeon without a beak ...

mail: tonye@billy.demon.nl
They love us, don't they, They feed us, won't they ...
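
The mismatch described in the reply above can be checked by comparing what the hosts file and DNS each return for the certificate's subject CN. This is an added example, not part of the original post: the addresses are constructed, `hosts_addrs`, `dns_addrs` and `compare_addrs` are hypothetical helper names, and `dns_addrs` assumes `dig` is installed.

```sh
#!/bin/sh
# Added example (not from the thread): does the certificate's subject CN
# resolve to the same address in the hosts file and in DNS?

# hosts_addrs FILE NAME: addresses FILE assigns to NAME, one per line, sorted.
hosts_addrs() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) print $1
        }' "$1" | sort -u
}

# dns_addrs NAME: A records straight from DNS, bypassing the hosts file.
# Assumes dig (BIND utilities) is installed; not called by the demo below.
dns_addrs() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# compare_addrs NAME HOSTS_ADDRS DNS_ADDRS: returns 1 when both sources know
# NAME but disagree on its address set.
compare_addrs() {
    if [ -z "$2" ] || [ -z "$3" ]; then
        echo "OK: $1 is defined by at most one source"
        return 0
    fi
    if [ "$2" = "$3" ]; then
        echo "OK: $1 resolves to the same address(es) in both sources"
        return 0
    fi
    echo "MISMATCH: $1 hosts file: $(echo $2) / DNS: $(echo $3)"
    return 1
}

# Constructed sample data (RFC 5737 documentation addresses).
SAMPLE_HOSTS=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 debian.insecurity.org debian  # LAN address' > "$SAMPLE_HOSTS"
SAMPLE_DNS='198.51.100.7'   # stand-in for: dns_addrs debian.insecurity.org

compare_addrs debian.insecurity.org \
    "$(hosts_addrs "$SAMPLE_HOSTS" debian.insecurity.org)" "$SAMPLE_DNS" || true
```

On a live machine, pass `/etc/hosts` to `hosts_addrs` and the output of `dns_addrs` as the third argument to `compare_addrs`.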