Re: TLS LDAP Configuration w/Linux 5.0

On Thursday 21 February 2008 00:07:28 Mathis, Jim wrote:
> OS: RH Enterprise Server 5.1
> Server Certificates: Created using a Common Name of "S80.com"
> Client Certificate: Copied "cacert.pem" from the server and placed into
> "/etc/openldap/cacerts/"

> uri ldaps://

> URI ldaps://


> ldapsearch -x 'uid=jmathis' -H ldaps://
> ldap_bind: Can't contact LDAP server (-1)

The basic rules for SSL validation include "host name you connect to must 
match subject CN", so, if is S80.com, then -H ldaps://S80.com 
should work ... but I guess it isn't, so you need to generate a new cert with 
the name your clients connect to (hostname part of URI).
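
The host-name rule from the reply above, as an added example that is not part of the original thread: it compares the host part of an LDAP URI with the names in a certificate. The certificate dict uses the layout of Python's ssl getpeercert(); every host name except S80.com is constructed, and preferring DNS subjectAltName entries over the CN is an assumption that follows common client behaviour, which your LDAP library may not share.

```python
from urllib.parse import urlparse


def cert_names(cert):
    """Names a client may match: DNS subjectAltName entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # assumption: CN is ignored once DNS SANs are present
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive compare; '*' may only replace the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_uri(uri, cert):
    """Return (ok, reason) for connecting to `uri` with server cert `cert`."""
    host = urlparse(uri).hostname  # host part only, port stripped
    if not host:
        return False, "URI has no host part"
    names = cert_names(cert)
    if any(name_matches(n, host) for n in names):
        return True, f"{host} matches the certificate"
    return False, f"{host} is not among certificate names {names}"


# Constructed certificate: only the CN "S80.com" comes from the thread.
SERVER_CERT = {"subject": ((("commonName", "S80.com"),),)}

if __name__ == "__main__":
    # Constructed URIs: exact name, another host name, a bare IP address.
    for uri in ("ldaps://S80.com", "ldaps://ldap.S80.com", "ldaps://192.0.2.10"):
        ok, reason = check_uri(uri, SERVER_CERT)
        print(f"{uri:24} {'OK  ' if ok else 'FAIL'} {reason}")
```

A FAIL line here is the situation where the client drops the TLS session before the bind and ldapsearch reports only "Can't contact LDAP server (-1)".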