
Re: tls and ldap server dns alias ?



* FM <dist-list@LEXUM.UMontreal.CA> [0525 20:25]:
> Hello,
> is it possible to use dns alias for openldap server when using tls ?
> ex :
> server1 with dns alias ldap1
> create a cert for ldap1 instead of server 1 ?

The ldap client expects the server ssl cert to have a CN = the domain name
it connected to. slapd itself shouldn't give a toss :)

So if you're talking about ldap1 being a CNAME to server1,
the certificate should be for ldap1.
 
-- 
'Debugging is twice as hard as writing the code in the first place.
  Therefore, if you write the code as cleverly as possible, you are,
 by definition, not smart enough to debug it.'
		-- Brian W. Kernighan
Rasputin :: Jack of All Trades - Master of Nuns
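
Added example, not part of the original message: a sketch of the name check an LDAP client applies to the server certificate, showing why a certificate issued for server1 fails when the client connects to the alias ldap1. It goes beyond the CN-only rule in the reply by also handling subjectAltName dNSName entries and a leftmost-label wildcard, along the lines of RFC 4513 section 3.1.3. The example.com host names, the function names and the choice to consult the CN only when no dNSName is present are assumptions of this example.

```python
def _name_match(presented: str, host: str) -> bool:
    """Case-insensitive, label-by-label comparison of one certificate name.

    '*' is honoured only as the whole leftmost label and stands for exactly
    one label: '*.example.com' covers 'ldap1.example.com' but not
    'example.com' or 'a.ldap1.example.com'.
    """
    p = presented.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def cert_matches(connected_name, san_dns_names, subject_cn=None):
    """True if the certificate is valid for the name the client connected to.

    connected_name is the host from the LDAP URI as the user gave it, not
    the target its CNAME resolves to. Assumption of this example: the CN is
    consulted only when the certificate carries no dNSName entries.
    """
    names = list(san_dns_names) or ([subject_cn] if subject_cn else [])
    return any(_name_match(n, connected_name) for n in names)


# Constructed sample certificates: (subjectAltName dNSNames, subject CN).
CERT_REAL_HOST = ([], "server1.example.com")
CERT_ALIAS = ([], "ldap1.example.com")
CERT_BOTH = (["ldap1.example.com", "server1.example.com"], "server1.example.com")


def report(uri_host):
    """Map each sample certificate to the verdict for one URI host."""
    certs = {"real-host": CERT_REAL_HOST, "alias": CERT_ALIAS, "both": CERT_BOTH}
    return {k: cert_matches(uri_host, san, cn) for k, (san, cn) in certs.items()}


if __name__ == "__main__":
    # Client configured with ldap://ldap1.example.com, a CNAME for server1.
    print(report("ldap1.example.com"))
```

Listing both names as dNSName entries lets clients reach the server under either name with one certificate.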