[email protected] wrote:
> thank you very much for quick response and openldap behavior configuration.
>
> how we can ignore to look server name in subject of certificate so I can use LDAP server ip address instead of host name?
> Also want to know if there is any open CVE which says it is vulnerabilities to use LDAP server ip address instead of name in ldap configuration.

Add the IP address in a subjectAlternativeName extension to your server certificate. The behavior here is specified in RFC 4513.

> Thank you,
> Darshankumar Mistry
> [email protected]
>
> On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount <quanah@symas.com> wrote:
>
> --On Friday, May 10, 2019 8:52 PM +0000 [email protected] wrote:
>
>> Full_Name: Darshankumar Mistry
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>>
>>
>> I would like to know why Open LDAP behavior was changed where we must
>> have to configure FQDN name mentioned in certificate in order to work LDAP
>> authentication... else TLS start failing.
>
> OpenLDAP has worked this way since I first started using it in 2002. This
> behavior is nothing new. And this is the correct behavior.
>
> This ITS will be closed.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
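
The server-identity rule from RFC 4513 that the reply refers to, sketched as an added example (not part of the original thread and not OpenLDAP's code): a client configured with an IP address passes the check only when the certificate carries that address as an iPAddress subjectAltName entry. The function names, the `(type, value)` list standing in for a parsed certificate, and the addresses are assumptions made for illustration; the deprecated CN fallback is not modelled.

```python
import ipaddress

def dns_name_matches(pattern, host):
    """dNSName comparison: case-insensitive, '*' only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*' covers exactly one label, never zero or several
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return p == h

def server_identity_ok(reference, san_entries):
    """reference: host part of the ldap:// or ldaps:// URI the client is configured with.
    san_entries: (type, value) pairs standing in for the certificate's subjectAltName."""
    try:
        ref_ip = ipaddress.ip_address(reference)
    except ValueError:
        ref_ip = None
    if ref_ip is None:
        return any(t == "DNS" and dns_name_matches(v, reference) for t, v in san_entries)
    # An IP reference is compared octet-for-octet against iPAddress entries only;
    # a dNSName entry that merely spells out the address does not count.
    return any(t == "IP" and ipaddress.ip_address(v).packed == ref_ip.packed
               for t, v in san_entries)

# Constructed sample certificates (documentation addresses, hypothetical host name).
DNS_ONLY = [("DNS", "ldap.example.com")]
WITH_IP = DNS_ONLY + [("IP", "192.0.2.10"), ("IP", "2001:db8::10")]

if __name__ == "__main__":
    for ref in ("ldap.example.com", "192.0.2.10", "2001:DB8:0:0:0:0:0:10"):
        print(ref, server_identity_ok(ref, DNS_ONLY), server_identity_ok(ref, WITH_IP))
```

Comparing packed octets rather than strings is what lets differently written forms of the same IPv6 address match.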
