[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem connecting to LDAP server with TLS when using the LDAP server IP address

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Problem connecting to LDAP server with TLS when using the LDAP server IP address
From: Chasecreek Systemhouse <chasecreek.systemhouse@gmail.com>
Date: Fri, 10 Dec 2004 10:44:45 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=moSME+llj11jRm/Eea0LVq5pG/aKT0iduyo4Ym/19QBYBe8Bo1w0fZ1gQVnqh59ViEHqIXRexJHsJ381geTT7i6m8exgOyUGcohm7JaznG2O2pS2lbpCRCheEkjTcP5s10VDPt17K1qP1XuaaTLluE3gPhIyHAKtoqZoaPi0Wzk=
In-reply-to: <41B9AA15.3030401@central.susx.ac.uk>
References: <s1b936ed.001@lucius.provo.novell.com> <41B9AA15.3030401@central.susx.ac.uk>

On Fri, 10 Dec 2004 13:52:21 +0000, Dave Lewney <d.m.lewney@sussex.ac.uk> wrote:
> Nithya Balachandran wrote:
> > I have an application that is using OpenLDAP to communicate with a
> > Novell eDirectory LDAP server over TLS/SSL (Am not very sure of the

> You should read the OpenLDAP FAQ on using TLS/SSL
> (http://www.openldap.org/faq/data/cache/185.html) in which it states
> 
> "Remember that the Common Name for this cert should be the fully qualified
> domain name of the server"


A suggestion, if you are on a Private IP also (dual hosted) you neeed
to also set x509 Alternate NickNames for that host in openssl.cnf
BEFORE you create the SSL Request.

Just a suggestion.  :-)
-- 
WC -Sx- Jones
http://insecurity.org/

References:
- Problem connecting to LDAP server with TLS when using the LDAP server IP address
  - From: "Nithya Balachandran" <nbalachandran@novell.com>
- Re: Problem connecting to LDAP server with TLS when using the LDAP server IP address
  - From: Dave Lewney <d.m.lewney@sussex.ac.uk>

Prev by Date: Re: Cache Pb
Next by Date: crypt replication credentials in slapd.conf?
Index(es):
- Chronological
- Thread