[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Change over to anonymous binds

To: "Tony Earnshaw" <tonni@billy.demon.nl>
Subject: RE: Change over to anonymous binds
From: "Howard Chu" <hyc@symas.com>
Date: Mon, 19 Aug 2002 11:28:45 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <1029776359.12051.136.camel@billy.demon.nl>

You can always use the /etc/hosts file, just put the fully qualified name and
whatever valid addresses in there. Set /etc/nsswitch.conf with
	hosts: files dns
to make sure you get your local info first.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tony Earnshaw
> Sent: Monday, August 19, 2002 9:59 AM
> To: Kurt D. Zeilenga
> Cc: Jim C; openldap-software@OpenLDAP.org; paul
> Subject: Re: Change over to anonymous binds
> 
> 
> man, 2002-08-19 kl. 18:05 skrev Kurt D. Zeilenga:
> 
> > Whatever works fine for you is fine for you.  But I think it
> > is not a general solution to dealing with such situations,
> > namely because the certificate would only be usable if the
> > client was on the local host and connected to "localhost"
> > and didn't map "localhost" to your local host name (as
> > some clients do).
> 
> Good point! Now all I have to do is to find the time, take the trouble
> and *dare* to change things - that (at the moment) work fine already.
> 
> > A better approach would be to configure your name resolution
> > system such that billy.demon.nl resolved to the appropriate
> > address (which may change over time) of your server.  At
> > times, may the appropriate address is 127.0.0.1... but
> > I would suggest you set up your addressing/routing such
> > that 212.238.97.135 is appropriate at all times.
> 
> My infantile intelligence tells me: "You can't be authoritative for
> billy.demon.nl without being authoritative for demon.nl."
> 
> But the the grandpa with *his* intelligence chips in: "If you're already
> authoritative for localhost.demon.nl, why can't you also be
> authoritative for a single other node in that particular zone?"
> 
> Thanks Kurt!
> 
> I'll let you know :-)
> 
> Best,
> 
> Tony
> 
> -- 
> 
> Tony Earnshaw
> 
> The usefulness of RTFM is vastly overrated.
> 
> e-post:		tonni@billy.demon.nl
> www:		http://www.billy.demon.nl
> gpg public key:	http://www.billy.demon.nl/tonni.armor
> 
> Telefoon:	(+31) (0)172 530428
> Mobiel:		(+31) (0)6 51153356
> 
> GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
> 3BE7B981
> 
> 
> 
> 
>

References:
- Re: Change over to anonymous binds
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: saslRegexp
Next by Date: RE: Setting certificate file for client
Index(es):
- Chronological
- Thread