Re: [SOLVED] Re: multiple servers in DNS and TLS - Dieter Kluenter - org.openldap.openldap-software

10 messages in org.openldap.openldap-softwareRe: [SOLVED] Re: multiple servers in ...

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [SOLVED] Re: multiple servers in DNS and TLS	Actions...
From:	Dieter Kluenter (die...@dkluenter.de)
Date:	Jul 17, 2007 8:15:31 pm
List:	org.openldap.openldap-software

ma...@netbsd.org (Emmanuel Dreyfus) writes:

Quanah Gibson-Mount <qua...@zimbra.com> wrote:

Is there some kind of trick to get this done properly?

Use a cert with a correct subjectAltName, or a wildcard cert.

For future reference:

Assuming we have in the DNS the following RR: foo IN A 192.0.2.11 bar IN A 192.0.2.12 ldap 1 IN A 192.0.2.11 ldap 1 IN A 192.0.2.12

Create certificate for foo: subjectAltName=DNS:ldap.example.net,DNS:foo.example.net CN=ldap.example.net

Create certificate for bar: subjectAltName=DNS:ldap.example.net,DNS:bar.example.net CN=ldap.example.net

I know that the subjectAltName type DNS is recommended, but RFC 4513 refers to type dNSName. Is there any reason that OpenLDAP requires type DNS?

-Dieter

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: