[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Context around DNS resolution

To: Joshua Schaeffer <jschaeffer0922@gmail.com>, openldap-technical@openldap.org
Subject: Re: Context around DNS resolution
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 09 Mar 2014 16:09:57 +0100
In-reply-to: <531C7E83.3080803@gmail.com>
References: <531C7E83.3080803@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 SeaMonkey/2.24

Joshua Schaeffer wrote:
> when I runthe following ldapsearch I get an error:
> 
> jschaeffer@zipmaster07:~$ ldapsearch -LLL -v -D cn=admin,dc=harmonywave,dc=com
> -W -H ldaps://baneling -b uid=jschaeffer,ou=People,dc=harmonywave,dc=com
> ldap_initialize( ldaps://baneling:636/??base )
> Enter LDAP Password:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> 
> If I use the FQDN for the URI then everything works fine and I get results.

That's because of the TLS hostname check which checks against the server's
certificate.

=> always use FQDN with TLS

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Context around DNS resolution
  - From: Joshua Schaeffer <jschaeffer0922@gmail.com>

Prev by Date: Context around DNS resolution
Next by Date: user can't login via LDAP
Index(es):
- Chronological
- Thread