
Re: [SOLVED] Re: multiple servers in DNS and TLS



Dieter Kluenter wrote:
manu@netbsd.org (Emmanuel Dreyfus) writes:

Quanah Gibson-Mount <quanah@zimbra.com> wrote:

Is there some kind of trick to get this done properly?
Use a cert with a correct subjectAltName, or a wildcard cert.
For future reference:

Assuming we have in the DNS the following RR:
foo     IN      A       192.0.2.11
bar     IN      A       192.0.2.12
ldap    1 IN    A       192.0.2.11
ldap    1 IN    A       192.0.2.12

Create certificate for foo:
subjectAltName=DNS:ldap.example.net,DNS:foo.example.net
CN=ldap.example.net

Create certificate for bar:
subjectAltName=DNS:ldap.example.net,DNS:bar.example.net
CN=ldap.example.net

I know that the subjectAltName type DNS is recommended, but RFC 4513 refers to type dNSName. Is there any reason that OpenLDAP requires type DNS?

They are one and the same. "DNS" is just the way that it is specified in the OpenSSL tools.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
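An added example for the thread above; it is not code from the list, from OpenLDAP or from the OpenSSL tools. It uses Go's standard library instead of the openssl command line to build the certificate for foo exactly as laid out above (CN=ldap.example.net, subjectAltName with ldap.example.net and foo.example.net), then decodes the subjectAltName extension by hand to show that what an openssl config spells as "DNS:" lands in the certificate as an RFC 5280 GeneralName with context tag [2], which is the dNSName that RFC 4513 refers to. It also checks which hostnames a client would accept for that certificate, and builds a CN-only certificate to show the caveat that modern clients (Go since 1.15, and most current TLS stacks) ignore the CN and require the SAN. The hostnames are the thread's example values; the function names (makeServerCert, sanDNSNames, acceptsName) and the ECDSA P-256 key are choices made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// id-ce-subjectAltName, RFC 5280 section 4.2.1.6.
var sanOID = asn1.ObjectIdentifier{2, 5, 29, 17}

// makeServerCert builds a self-signed server certificate for one replica.
// cn becomes the Subject CN; sans become dNSName entries of the
// subjectAltName extension (what an openssl config spells as DNS:name).
// Function name and key type are this example's own choices.
func makeServerCert(cn string, sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // keep it positive
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     sans, // encoded as GeneralName dNSName ([2]) entries
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sanDNSNames decodes the raw subjectAltName extension by hand and returns
// the GeneralName entries carrying context tag [2], which RFC 5280 names
// dNSName. That tag is what the openssl "DNS:" keyword produces.
func sanDNSNames(cert *x509.Certificate) ([]string, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(sanOID) {
			continue
		}
		var seq asn1.RawValue // SubjectAltName ::= GeneralNames (a SEQUENCE)
		if _, err := asn1.Unmarshal(ext.Value, &seq); err != nil {
			return nil, err
		}
		var names []string
		rest := seq.Bytes
		for len(rest) > 0 {
			var gn asn1.RawValue
			var err error
			if rest, err = asn1.Unmarshal(rest, &gn); err != nil {
				return nil, err
			}
			if gn.Class == asn1.ClassContextSpecific && gn.Tag == 2 {
				names = append(names, string(gn.Bytes))
			}
		}
		return names, nil
	}
	return nil, nil // no subjectAltName extension at all
}

// acceptsName reports whether a TLS client would accept cert for host.
// Go's VerifyHostname matches only subjectAltName dNSName entries; the
// Subject CN is ignored (Go 1.15 and later), as in most current clients.
func acceptsName(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	foo, err := makeServerCert("ldap.example.net",
		[]string{"ldap.example.net", "foo.example.net"})
	if err != nil {
		panic(err)
	}
	names, _ := sanDNSNames(foo)
	fmt.Println("foo cert dNSName entries:", names)
	for _, h := range []string{"ldap.example.net", "foo.example.net", "bar.example.net"} {
		fmt.Printf("foo cert accepted for %-16s %v\n", h, acceptsName(foo, h))
	}
	// The caveat: a CN with no SAN is not enough for modern clients.
	cnOnly, err := makeServerCert("ldap.example.net", nil)
	if err != nil {
		panic(err)
	}
	names, _ = sanDNSNames(cnOnly)
	fmt.Println("CN-only cert dNSName entries:", names,
		"accepted for ldap.example.net:", acceptsName(cnOnly, "ldap.example.net"))
}
```

The certificate for bar is built the same way with bar.example.net in place of foo.example.net; a client that resolved ldap.example.net and landed on either host then finds the name it asked for among the dNSName entries, and a client that was pointed at foo or bar directly finds that host's own name.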