--On Friday, May 10, 2019 9:32 PM +0000 darshan mistry darshankmistry@yahoo.com wrote:

how we can ignore to look server name in subject of certificate so I can use LDAP server ip address instead of host name?

If you want to allow connecting over the IP address with TLS, then add it as a subjectAltName value in the certificate, for example:

subjectAltName=IP:1.2.3.4

Also want to know if there is any open CVE which says it is vulnerabilities to use LDAP server ip address instead of name in ldap configuration.

I'm not aware of any such CVE or why there would be one.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com