Fri, 2002-08-09 at 21:44, Caylan Van Larson wrote:

> > >"Never use IP numbers for hostnames, always use FQDNs". Well, for me
> > >TLS/SSL only works with my IP number (127.0.0.1), not localhost. or
> > >'uname -n' - the FQDN "billy.demon.nl".

> I think you are having because the certificates you create must be for the
> fqdn you are addressing in ldap.conf.

My fqdn is "localhost." Because my notebook is not on the internet the whole time. When it *is* on the Internet, it suddenly becomes billy.demon.nl with a static ppp0 IP number, known on the Internet.

If I try with "localhost.", which is what my BIND DNS and /etc/hosts know, ldap with TLS doesn't work with any sort of an fqdn. It does work with "127.0.0.1".

> This means that if on your client
> machine /etc/ldap.conf points to your ldap server at ldap.domain.com your
> certificates must be for ldap.domain.com. If they differ ssl/tls will puke.

Yes, basically that's what I discovered. The point is, that it is not possible to give a FQDN; I have to give an IP number. Otherwise it doesn't work. Believe me, I've tried everything else :-)

My question was: Why does everyone tell me not to do this (otherwise nothing will work) and for me this is the only thing that works?

Best,

Tony

--
Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail: tonni@billy.demon.nl
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
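The matching rule from the quoted reply (the name in ldap.conf must be a name the certificate carries), as an added example that is not part of the original message and not OpenLDAP's own code. It is a simplified model of the server identity check in RFC 2830 section 3.6; the function names, the trailing-dot handling, the address-in-CN fallback and the sample certificate names are assumptions constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label compare; '*' may replace the left-most label only.
    Assumption: a trailing root dot ("localhost.") is ignored on both sides."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return p == h

def server_identity_ok(configured_host, cert_cn, san_dns=(), san_ip=()):
    """True if the host the client connects to (as written in ldap.conf)
    is one of the identities the server certificate carries."""
    if _is_ip(configured_host):
        addr = ipaddress.ip_address(configured_host)
        if any(ipaddress.ip_address(ip) == addr for ip in san_ip):
            return True
        # Assumption: a certificate issued with the literal address as its CN.
        return cert_cn == configured_host
    if san_dns:
        # dNSName entries, when present, are the source of identity, not the CN.
        return any(_dns_match(name, configured_host) for name in san_dns)
    return _dns_match(cert_cn, configured_host)

def check_all(hosts, **cert):
    """Map each candidate ldap.conf host value to accept/reject for one cert."""
    return {h: server_identity_ok(h, **cert) for h in hosts}

# Constructed sample input: the three ways the thread names the same machine.
HOSTS = ["127.0.0.1", "localhost.", "billy.demon.nl"]
# Constructed certificate A: only an address in the CN.
CERT_A = dict(cert_cn="127.0.0.1")
# Constructed certificate B: FQDN in the CN, every name and address in subjectAltName.
CERT_B = dict(cert_cn="billy.demon.nl",
              san_dns=("billy.demon.nl", "localhost"), san_ip=("127.0.0.1",))

if __name__ == "__main__":
    print("cert A:", check_all(HOSTS, **CERT_A))
    print("cert B:", check_all(HOSTS, **CERT_B))
```

Under these assumptions, certificate A is accepted only when the client is pointed at 127.0.0.1, while certificate B is accepted under all three names.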