ldapsearch with DN in CN
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: ldapsearch with DN in CN
- From: Möller Lioh <lioh.moeller@hsr.ch>
- Date: Wed, 26 Feb 2020 14:18:53 +0000
Hi all,
I am trying to do an ldapsearch against our Active Directory LDAPS like:
ldapsearch -d1 -x -LLL -D 'CN=serviceaccount,OU=spec,DC=mydomain,DC=ch' -W -H ldaps://ldap.mydomain.ch:636 -b 'OU=my-users,DC=mydomain,DC=ch' -s sub '(memberOf=CN=grp-admins,OU=my-groups,DC=mydomain,DC=ch)'
The domain controllers have certificates generated with CNs like this:
subject: /DC=ch/DC=mydomain/OU=Domain Controllers/CN=DC01,
and a SAN defined as ldap.mydomain.ch.
Yet, I got an error like:
TLS: hostname (ldap.mydomain.ch) does not match common name in
certificate (DC01).
An interesting fact is that if the CN is set to the FQDN like
dc01.mydomain.ch (not ldap.mydomain.ch), it works perfectly (with
ldap.mydomain.ch as SAN).
Isn't ldapsearch 2.4.44 capable of working with DN in subject (CN) or
does it fail to look up the SAN in such a case?
Greetings
Lioh
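
A diagnostic for the setup described above, as an added example that is not part of the original message: it builds a throwaway self-signed certificate with the subject and SAN quoted in the post and asks OpenSSL's hostname checker (not ldapsearch or libldap) which names it accepts. The function names, the temporary directory and the generated certificate are constructed for illustration; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: constructed certificate, checked with OpenSSL's own verifier.
# OpenSSL ignores the subject CN whenever a dNSName SAN is present, so only
# the SAN entry should be accepted as a hostname here.

make_sample_cert() {   # $1 = directory to write cert.pem and key.pem into
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj '/DC=ch/DC=mydomain/OU=Domain Controllers/CN=DC01' \
        -addext 'subjectAltName=DNS:ldap.mydomain.ch' 2>/dev/null
}

san_dns_names() {      # $1 = PEM file; prints one dNSName per line
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

host_matches() {       # $1 = PEM file, $2 = hostname; exit status 0 on match
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

report() {             # $1 = PEM file, remaining arguments = names to test
    pem=$1; shift
    openssl x509 -in "$pem" -noout -subject
    echo "SAN dNSName entries: $(san_dns_names "$pem" | tr '\n' ' ')"
    for name in "$@"; do
        if host_matches "$pem" "$name"; then
            echo "  $name: match"
        else
            echo "  $name: NO match"
        fi
    done
}

workdir=$(mktemp -d)
make_sample_cert "$workdir"
report "$workdir/cert.pem" ldap.mydomain.ch dc01.mydomain.ch DC01
```

The same `san_dns_names` and `host_matches` calls work on the certificate a domain controller actually serves once it has been saved as PEM, for instance from the output of `openssl s_client -connect ldap.mydomain.ch:636`.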