
Re: ldapsearch with DN in CN



On Thu, Feb 27, 2020 at 12:23:07AM +0000, Howard Chu wrote:
> Brian Reichert wrote:
> >> An interesting fact is that if the CN is set to the fqdn like
> >> dc01.mydomain.ch (not ldap.mydomain.ch), it works perfectly (with
> >> ldap.mydomain.ch as SAN).
> > 
> > I may be misreading this, but this sounds like a TLS issue.
> 
> Wrong. The above error message comes from libldap.

Thanks for the clarification; I've not seen this class of error before...

> Definitely sounds like the SAN is not set correctly in the cert,
> but this is definitely libldap complaining, the TLS library doesn't
> do this hostname check.
> 
> -- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
> 

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large
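
Added example, not part of the original messages and not OpenLDAP code: a small model of the client-side name check discussed above, for seeing which certificate field (SAN or CN) covers a given host name. The function names are hypothetical, the certificates are constructed from the host names in the thread, and the matching rules are a simplification rather than libldap's exact logic.

```python
# Added example: model of a client-side certificate host name check.
# Input uses the dict layout returned by ssl.SSLSocket.getpeercert().

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Return (dNSName SAN entries, subject commonName values)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns

def match_source(cert, host):
    """Return 'SAN', 'CN' or None, depending on which field covers host."""
    sans, cns = cert_names(cert)
    if any(name_matches(s, host) for s in sans):
        return "SAN"
    if any(name_matches(c, host) for c in cns):
        return "CN"
    return None

def diagnose(cert, host):
    """Explain the result in a form useful when debugging a name mismatch."""
    sans, cns = cert_names(cert)
    src = match_source(cert, host)
    if src == "SAN":
        return f"{host}: covered by subjectAltName"
    if src == "CN" and sans:
        return f"{host}: only in CN; SAN lists {sans}, strict (RFC 6125) clients reject"
    if src == "CN":
        return f"{host}: matched by CN, certificate has no dNSName SAN"
    return f"{host}: not in certificate (SAN={sans}, CN={cns})"

# Constructed sample certificates using the host names from the thread.
CERT_WITH_SAN = {"subject": ((("commonName", "dc01.mydomain.ch"),),),
                 "subjectAltName": (("DNS", "ldap.mydomain.ch"),)}
CERT_NO_SAN = {"subject": ((("commonName", "dc01.mydomain.ch"),),)}

if __name__ == "__main__":
    for cert in (CERT_WITH_SAN, CERT_NO_SAN):
        for host in ("ldap.mydomain.ch", "dc01.mydomain.ch"):
            print(diagnose(cert, host))
```

To run it against a live server, pass the dict from `ssl.SSLSocket.getpeercert()` on a verified connection in place of the constructed samples.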