Thank you, this case can be closed. Appreciate all your help and clarification. Thanks again.

Thank you,
Darshankumar Mistry
darshankmistry@yahoo.com

On Friday, May 10, 2019, 1:53:16 PM PDT, Howard Chu <hyc@symas.com> wrote:

darshankmistry@yahoo.com wrote:
> Thank you very much for quick response and openldap behavior configuration.
>
> How we can ignore to look server name in subject of certificate so I can use LDAP server IP address instead of host name?
> Also want to know if there is any open CVE which says it is a vulnerability to use LDAP server IP address instead of name in LDAP configuration.

Add the IP address in a subjectAlternativeName extension to your server certificate.

The behavior here is specified in RFC4513.

> Thank you,
> Darshankumar Mistry
> darshankmistry@yahoo.com
>
> On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount <quanah@symas.com> wrote:
>
> --On Friday, May 10, 2019 8:52 PM +0000 darshankmistry@yahoo.com wrote:
>
>> Full_Name: Darshankumar Mistry
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>>
>> I would like to know why Open LDAP behavior was changed where we must
>> have to configure FQDN name mentioned in certificate in order to work LDAP
>> authentication... else TLS start failing.
>
> OpenLDAP has worked this way since I first started using it in 2002. This
> behavior is nothing new. And this is the correct behavior.
>
> This ITS will be closed.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
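
The check discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP's code: a simplified Python model of the RFC 4513 section 3.1.3 server identity check over subjectAltName entries, showing why a client configured with an IP address fails against a name-only certificate and succeeds once an iPAddress entry is present. The certificates, the name ldap.example.com and the address 192.0.2.10 are constructed sample values.

```python
import ipaddress

def _as_ip(text):
    """Return an ipaddress object if `text` is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' may replace the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def server_identity_ok(reference, cert):
    """Compare the configured server name or address with the certificate's
    subjectAltName entries (dict layout of ssl.SSLSocket.getpeercert()).
    The deprecated Common Name fallback is deliberately not modelled."""
    san = cert.get("subjectAltName", ())
    ref_ip = _as_ip(reference)
    if ref_ip is not None:
        # An address is compared only with iPAddress entries, never with names.
        return any(kind == "IP Address" and _as_ip(value) == ref_ip
                   for kind, value in san)
    return any(kind == "DNS" and _dns_match(value, reference)
               for kind, value in san)

# Constructed sample certificates (documentation name and address ranges).
CERT_NAME_ONLY = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}
CERT_WITH_IP = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),
                       ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for label, cert in (("name only", CERT_NAME_ONLY),
                        ("with IP SAN", CERT_WITH_IP)):
        for ref in ("ldap.example.com", "192.0.2.10"):
            print(f"{label:12} {ref:18} -> {server_identity_ok(ref, cert)}")
```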