[Date Prev][Date Next]
Re: tls and ldap server dns alias ?
* FM <dist-list@LEXUM.UMontreal.CA> [0525 20:25]:
> is it possible to use dns alias for openldap server when using tls ?
> ex :
> server1 with dns alias ldap1
> create a cert for ldap1 instead of server 1 ?
The ldap client expects the server ssl cert to have a CN = the domain name
it connected to. slapd itself shouldn't give a toss :)
So if you're talking about ldap1 being a CNAME to server1,
the certificate should be for ldap1.
'Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it.'
-- Brian W. Kernighan
Rasputin :: Jack of All Trades - Master of Nuns