[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and SSL

ons, 01.12.2004 kl. 15.56 skrev Howard Chu:

> >If slapd is using the resolver, which it is (do an ldd on the binary) it
> >will go both to your /etc/hosts then to DNS and get two different IP
> >addresses for the subject CN in the server cert. You shouldn't use the
> >same hostname for both and your local lan
> >shouldn't be known to the machine as insecurity.org - it's a different
> >zone. Maybe that's why it's hanging.
> >  
> >
> Wrong. The resolver stops as soon as it finds one match, it will not 
> look in both places. There is nothing wrong with this hosts configuration.
> The fact that the server hangs cannot be caused by any content of the 
> certificate. This whole line of pursuit is pointless.

So why is his machine hanging, whilst mine and no-one else's in the
whole wide Openldap world (at least, that of the subscribers to this
list) isn't? Including Debian users ;) Oh, and yes; though he now has it
working, it's still hanging.

Solve that one.

The fact remains that Bill is defining insecurity.org in 2 discrete
zones and that, in any sysadmin's language, is a no-no.

> >Moreover, if it' true (as you wrote in a recent posting that you're
> >using OL 2.1.3 (and not 2.1.30) then that's a really buggy version. I
> >started with 2.1.8 and that was bad enough.
> >  
> >
> This is more likely to be relevant than anything else.

Turns out it was 2.1.30.


Nothing sucksseeds like a pigeon without a beak ...

mail: tonye@billy.demon.nl
They love us, don't they, They feed us, won't they ...