
Re: TLS LDAP Configuration w/Linux 5.0



On Thursday 21 February 2008 00:07:28 Mathis, Jim wrote:
> OS: RH Enterprise Server 5.1
> Server Certificates: Created using a Common Name of "S80.com"
> Client Certificate: Copied "cacert.pem" from the server and placed into
> "/etc/openldap/cacerts/"

> uri ldaps://192.168.10.1/

> CLIENT /ETC/OPENLDAP/LDAP.CONF
>
> URI ldaps://192.168.10.1/

[...]

> ldapsearch -x 'uid=jmathis' -H ldaps://192.168.10.1
> ldap_bind: Can't contact LDAP server (-1)

The basic rules for SSL validation include "host name you connect to must
match subject CN", so, if 192.168.10.1 is S80.com, then -H ldaps://S80.com
should work ... but I guess it isn't, so you need to generate a new cert with
the name your clients connect to (hostname part of URI).

Regards,
Buchan
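As an added illustration of the rule above (not code from the thread or from OpenLDAP), the check below compares the host part of an ldaps:// URI against the names a certificate carries, in the dict shape Python's ssl.getpeercert() returns; SAMPLE_CERT is a constructed stand-in for a cert whose only name is the CN "S80.com", and it goes slightly beyond the thread by also handling subjectAltName DNS/IP entries and wildcards.

```python
from urllib.parse import urlparse
import ipaddress

# Constructed sample: the shape ssl.getpeercert() returns for a server cert
# that carries nothing but the subject CN "S80.com" (as in the thread).
SAMPLE_CERT = {
    "subject": ((("commonName", "S80.com"),),),
    "subjectAltName": (),
}


def uri_host(uri):
    """Host part of an ldap(s):// URI: this is what the client validates against."""
    parsed = urlparse(uri)
    if parsed.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URI: %r" % uri)
    return parsed.hostname  # urlparse already lower-cases it


def cert_names(cert):
    """DNS names and IP addresses the cert is valid for (SAN entries, then subject CN)."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(value)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                dns.append(value.lower())
    return dns, ips


def host_matches_cert(uri, cert):
    """Return (ok, reason) for 'host name you connect to must match the cert'."""
    host = uri_host(uri)
    if not host:
        return False, "no host in URI"
    dns, ips = cert_names(cert)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal: fall through to DNS-name matching
    else:
        # An IP literal only matches an iPAddress SAN; a CN like "S80.com" never does.
        return (host in ips), ("ok" if host in ips else "IP %s not in cert %s" % (host, ips or "(none)"))
    for name in dns:
        if name == host:
            return True, "ok"
        # "*.s80.com" matches exactly one extra label: ldap.s80.com, not a.b.s80.com
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True, "ok (wildcard)"
    return False, "host %s not among cert names %s" % (host, dns or "(none)")
```

Connecting to the IP from the thread fails the check while connecting by the CN passes, which is the behaviour the reply describes.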