[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS fails

On 2/15/06 6:41 PM, Quanah Gibson-Mount wrote:
On Wednesday 15 February 2006 15:40, Jon Roberts wrote:
Quanah Gibson-Mount wrote:
On Wednesday 15 February 2006 14:23, Ran Li wrote:
The funny thing is, TLS works fine from a remote host, but not on the
server itself. I tried changing localhost to the actual DNS name of the
server, but still I get the same error.
is the ldap server a ldap client? my understanding is it has to be a
ldap client in order to make ldapsearch over tls work.
You have to use the name in your search that matches the name in the
certificate for TLS to work.
In JLDAP clients I can connect to a remote ldaps server by using the ip
address as hostname, even though I obviously did not use the ip as the
name in the certificate. Is that advice specific to ldapsearch,
StartTLS, or something else I might be confused about?

I'm guessing that JLDAP translates the IP address to the FQDN.

Either that or JLDAP is not verifying the name on the cert matches the name requested at all -- only that the cert is signed by a root CA the client knows about.

Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)