[Date Prev][Date Next]
Re: LDAP and SSL
- To: Openldap list <openldap-software@OpenLDAP.org>
- Subject: Re: LDAP and SSL
- From: Tony Earnshaw <firstname.lastname@example.org>
- Date: Wed, 01 Dec 2004 18:05:59 +0100
- In-reply-to: <41ADDB8E.email@example.com>
- Organization: Billy
- References: <firstname.lastname@example.org> <email@example.com> <1101811667.30561.34.camel@localhost> <firstname.lastname@example.org> <1101825984.874.19.camel@localhost> <email@example.com> <1101843349.4634.22.camel@localhost> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <1101896882.9372.54.camel@localhost> <41ADDB8E.firstname.lastname@example.org>
ons, 01.12.2004 kl. 15.56 skrev Howard Chu:
> >If slapd is using the resolver, which it is (do an ldd on the binary) it
> >will go both to your /etc/hosts then to DNS and get two different IP
> >addresses for the subject CN in the server cert. You shouldn't use the
> >same hostname for both 192.168.2.2 and 188.8.131.52.- your local lan
> >shouldn't be known to the machine as insecurity.org - it's a different
> >zone. Maybe that's why it's hanging.
> Wrong. The resolver stops as soon as it finds one match, it will not
> look in both places. There is nothing wrong with this hosts configuration.
> The fact that the server hangs cannot be caused by any content of the
> certificate. This whole line of pursuit is pointless.
So why is his machine hanging, whilst mine and no-one else's in the
whole wide Openldap world (at least, that of the subscribers to this
list) isn't? Including Debian users ;) Oh, and yes; though he now has it
working, it's still hanging.
Solve that one.
The fact remains that Bill is defining insecurity.org in 2 discrete
zones and that, in any sysadmin's language, is a no-no.
> >Moreover, if it' true (as you wrote in a recent posting that you're
> >using OL 2.1.3 (and not 2.1.30) then that's a really buggy version. I
> >started with 2.1.8 and that was bad enough.
> This is more likely to be relevant than anything else.
Turns out it was 2.1.30.
Nothing sucksseeds like a pigeon without a beak ...
They love us, don't they, They feed us, won't they ...
- Re: LDAP and SSL
- From: Chasecreek Systemhouse <email@example.com>