Re: Problems with multiple DNS names in cert.
[ Tony Earnshaw ]
> Thu, 2003-03-27 at 12:07, Mathias Meisfjordskar wrote:
>
> > beeblebrox.uio.no# /ldap/usr/bin/ldapsearch -x -h bb.uio.no -ZZ -s base -d -1
> >
> > ldap_connect_to_host: TCP bb.uio.no:389
> > ...
> > ldap_int_sasl_open: host=beeblebrox.uio.no
>
> Your network admin has very obligingly put your machine directly on
> the Internet and arranged DNS for it.
Yes, he (I) did. :)
> bb.uio.no is a nickname for beeblebrox.uio.no. You asked ldapsearch
> to connect to the nickname, not the canonical name. They are not the
> same as far as the cert is concerned.
No, but the

    X509v3 Subject Alternative Name:
        DNS:bb.uio.no

in my .crt should fix that. From all the docs I've read, this should
work. It has worked, in the past.
ref.
http://www.openldap.org/doc/admin21/tls.html
ftp://ftp.isi.edu/in-notes/rfc2830.txt
> Also, have a look at /etc/hosts and /etc/nsswitch.conf (if you have
> that last one), to see that the latter's hosts entry agrees with
> what you have in the hosts file.
/etc/hosts:
127.0.0.1 localhost.localdomain localhost
129.240.10.17 beeblebrox.uio.no
/etc/nsswitch.conf:
passwd: compat
shadow: files nis
group: files
hosts: files dns nis
netgroup: nis
services: files nis
networks: nis [NOTFOUND=continue] files
protocols: nis [NOTFOUND=continue] files
rpc: nis [NOTFOUND=continue] files
ethers: nis [NOTFOUND=continue] files
netmasks: nis [NOTFOUND=continue] files
bootparams: nis [NOTFOUND=continue] files
publickey: nis [NOTFOUND=continue] files
automount: files nis
aliases: files nis
Howard Chu said it was a client problem, but if the server supports
DNS-aliases, why shouldn't the client (bundled with OpenLDAP) do the
same? I guess I'm missing something here, but I can't figure out what.
Is it a problem with reverse DNS lookups? I don't know.
Thanks again for answering.
--
Regards,
Mathias Meisfjordskar
GNU/Linux addict.
"If it works; HIT IT AGAIN!"