Tony Earnshaw wrote:
Wrong. The resolver stops as soon as it finds one match; it will not look in both places. There is nothing wrong with this hosts configuration.
Wed, 01.12.2004 at 00.42, Chasecreek Systemhouse wrote:
OK, my DN should match my CN.
dn: dc=debian,dc=insecurity,dc=org ... dn: cn=admin,dc=debian,dc=insecurity,dc=org
Is there any reason why a Cert created for debian.insecurity.org should NOT work now?
ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H ldap://192.168.2.2 -W
Works as expected; however this still hangs the server:
ldapsearch -x -b 'dc=debian,dc=insecurity,dc=org' -D "cn=admin,dc=debian,dc=insecurity,dc=org" '(objectclass=*)' -H ldaps://192.168.2.2 -W
If slapd is using the resolver, which it is (do an ldd on the binary), it
will go both to your /etc/hosts then to DNS and get two different IP
addresses for the subject CN in the server cert. You shouldn't use the
same hostname for both 192.168.2.2 and 68.214.83.106 - your local LAN
shouldn't be known to the machine as insecurity.org - it's a different
zone. Maybe that's why it's hanging.
Moreover, if it's true (as you wrote in a recent posting) that you're
using OL 2.1.3 (and not 2.1.30), then that's a really buggy version. I
started with 2.1.8 and that was bad enough.
This is more likely to be relevant than anything else.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  Director, Highland Sun
  http://www.symas.com  http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
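
The first-match lookup described in the reply above, as an added example (not code from the thread, OpenLDAP or any resolver library). It assumes an nsswitch-style `hosts: files dns` ordering with default actions; the file contents, the DNS answer table and all function names are constructed for illustration, and only the two addresses come from the thread.

```python
import re

# Constructed sample data (assumed): only the two IP addresses are from the thread.
NSSWITCH_CONF = "passwd: files\nhosts:  files dns\n"
HOSTS_FILE = """\
127.0.0.1    localhost
192.168.2.2  debian.insecurity.org debian   # LAN address
"""
DNS_ANSWERS = {"debian.insecurity.org": ["68.214.83.106"],
               "www.insecurity.org": ["68.214.83.106"]}


def hosts_order(nsswitch_text):
    """Sources named on the 'hosts:' line; [action] items are dropped, not modelled."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return ["files", "dns"]  # fallback chosen for this example only


def lookup_files(name, hosts_text):
    """Addresses whose canonical name or alias in hosts-file text equals name."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found


def resolve(name, nsswitch_text=NSSWITCH_CONF, hosts_text=HOSTS_FILE, dns=DNS_ANSWERS):
    """Walk the sources in order; the first source that answers ends the lookup."""
    consulted = []
    for source in hosts_order(nsswitch_text):
        consulted.append(source)
        if source == "files":
            addrs = lookup_files(name, hosts_text)
        elif source == "dns":
            addrs = dns.get(name.lower(), [])
        else:
            addrs = []  # sources other than files/dns are not modelled here
        if addrs:
            return addrs, consulted
    return [], consulted


if __name__ == "__main__":
    for host in ("debian.insecurity.org", "www.insecurity.org"):
        print(host, *resolve(host))
```

With this ordering the hosts-file entry answers for `debian.insecurity.org` and the DNS table is never consulted, so the caller sees one address, not two.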