Re: Idea for enabling LDAP SSL certificate checking

To: debian-edu@lists.debian.org
Subject: Re: Idea for enabling LDAP SSL certificate checking
From: Petter Reinholdtsen <pere@hungry.com>
Date: Fri, 13 Aug 2010 10:48:56 +0200
Message-id: <[🔎] 20100813084856.GA31433@login2.uio.no>
In-reply-to: <[🔎] 20100812104745.GM7264@jones.dk>
References: <[🔎] 2fl62zgg4gz.fsf@login1.uio.no> <[🔎] 4C63ADD6.3010805@bzz.no> <[🔎] 20100812082701.GA6851@login2.uio.no> <[🔎] 20100812104745.GM7264@jones.dk>

[Jonas Smedegaard]
> Perhaps what changed was simply host resolving - to more
> aggressively resolve FQDN instead of only hostname.

Could be.  No idea.

Anyway, changing the CN to ldap.intern and adding DNS:ldap and
DNS:localhost as alternative names of the certificate, as well as
making sure clients connect to the FQDN seem to have solved the
certificate checking problem with LDAP.

The fix is in squeeze-test, and all self tests seem to be still
working.

One problem fixed, a million more to go. :)

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

References:
- Idea for enabling LDAP SSL certificate checking
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Idea for enabling LDAP SSL certificate checking
  - From: "John S. Skogtvedt" <jss@bzz.no>
- Re: Idea for enabling LDAP SSL certificate checking
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Idea for enabling LDAP SSL certificate checking
  - From: Jonas Smedegaard <dr@jones.dk>

Prev by Date: debian-edu-config_1.443~svn68312_i386.changes ACCEPTED
Next by Date: Re: Is LWAT completely broken in Squeeze?
Previous by thread: Re: Idea for enabling LDAP SSL certificate checking
Next by thread: Fwd: Firmware images moved
Index(es):
- Date
- Thread