Re: LDAP and SSL
- To: Openldap list <openldap-software@OpenLDAP.org>
- Subject: Re: LDAP and SSL
- From: Tony Earnshaw <tonye@billy.demon.nl>
- Date: Wed, 01 Dec 2004 18:05:59 +0100
- In-reply-to: <41ADDB8E.30808@symas.com>
- Organization: Billy
- References: <91f88ee204112810284d745e7f@mail.gmail.com> <91f88ee20411291128211545e@mail.gmail.com> <1101811667.30561.34.camel@localhost> <91f88ee2041130055298cc51d@mail.gmail.com> <1101825984.874.19.camel@localhost> <91f88ee204113008267b58d0d5@mail.gmail.com> <1101843349.4634.22.camel@localhost> <91f88ee2041130133053273c4f@mail.gmail.com> <91f88ee2041130133526288008@mail.gmail.com> <91f88ee2041130141335739ad@mail.gmail.com> <91f88ee2041130154229e592e0@mail.gmail.com> <1101896882.9372.54.camel@localhost> <41ADDB8E.30808@symas.com>
Wed, 01.12.2004 at 15:56, Howard Chu wrote:
> >If slapd is using the resolver, which it is (do an ldd on the binary) it
> >will go both to your /etc/hosts then to DNS and get two different IP
> >addresses for the subject CN in the server cert. You shouldn't use the
> >same hostname for both 192.168.2.2 and 68.214.83.106 - your local LAN
> >shouldn't be known to the machine as insecurity.org - it's a different
> >zone. Maybe that's why it's hanging.
> >
> >
> Wrong. The resolver stops as soon as it finds one match, it will not
> look in both places. There is nothing wrong with this hosts configuration.
>
> The fact that the server hangs cannot be caused by any content of the
> certificate. This whole line of pursuit is pointless.
So why is his machine hanging, whilst mine and no-one else's in the
whole wide Openldap world (at least, that of the subscribers to this
list) isn't? Including Debian users ;) Oh, and yes; though he now has it
working, it's still hanging.
Solve that one.
The fact remains that Bill is defining insecurity.org in 2 discrete
zones and that, in any sysadmin's language, is a no-no.
> >Moreover, if it's true (as you wrote in a recent posting) that you're
> >using OL 2.1.3 (and not 2.1.30) then that's a really buggy version. I
> >started with 2.1.8 and that was bad enough.
> >
> >
> This is more likely to be relevant than anything else.
Turns out it was 2.1.30.
--Tonni
--
Nothing sucksseeds like a pigeon without a beak ...
mail: tonye@billy.demon.nl
http://www.billy.demon.nl
They love us, don't they, They feed us, won't they ...
- Follow-Ups:
- Re: LDAP and SSL
- From: Chasecreek Systemhouse <chasecreek.systemhouse@gmail.com>