At 08:59 AM 1/18/2007, Sabo, Eric wrote:
I have a vendor that is trying to connect to my Active Directory (which is Windows 2003 native for both the forest level and the domain level) via SSL (port 636) using ldapsearch. They want to authenticate users against my Active Directory. I created my certificates (Microsoft assisted me on this part). One question I have: my certificates contain multiple DNS names (the domain name and a simple DNS name, which I want the vendor to use). Does OpenLDAP have a problem with this setup on the certificate?
The OpenLDAP client library used by ldapsearch(1) implements server certificate checking as described in RFC 4513, supporting not only the server name in the subject DN but also a number of alternative subject name choices, namely dNSName and iPAddress.
Question about the command lines they are trying.

1st cmd:

    ldapsearch -H ldaps://servername -x -D 'CN=name of user' | grep usernameofusertheywanttofind

2nd cmd:

    ldapsearch -H ldaps://servername -x -s base -D 'cn=name of user'
Any thoughts or opinions on this subject would greatly be appreciated.
Well, I suggest you give it a go and see.
Kurt
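The following is an added example, not part of the original thread and not OpenLDAP's own code. It models the RFC 4513 section 3.1.3 server identity check that Kurt refers to: the host taken from the -H ldaps:// URI is compared, case-insensitively, against the certificate's subjectAltName dNSName entries (a "*" wildcard is honoured only in the left-most label and matches exactly one label); an IP literal in the URI is compared against iPAddress entries; and the CN of the subject DN is consulted only when the certificate carries no dNSName entries. The certificate structure, the sample names (dc1.corp.example.com, dc1, 192.0.2.10) and the helper names are constructed assumptions standing in for the poster's real certificate, which is why the check is done on a plain data structure rather than on a parsed X.509 object.

```python
"""Model of the ldaps:// server identity check (RFC 4513 section 3.1.3).

Added example for illustration; not OpenLDAP's implementation. The
certificate contents below are constructed, not taken from the thread.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class ServerCert:
    """The identity-bearing parts of a server certificate (assumed shape)."""
    subject_cn: str                       # CN from the subject DN
    dns_names: list = field(default_factory=list)    # subjectAltName dNSName values
    ip_addresses: list = field(default_factory=list)  # subjectAltName iPAddress values


# Constructed stand-in for a certificate that carries both a fully
# qualified name and a short name, as described in the question.
SAMPLE_CERT = ServerCert(
    subject_cn="dc1.corp.example.com",
    dns_names=["dc1.corp.example.com", "dc1"],
    ip_addresses=["192.0.2.10"],
)


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 4513 dNSName comparison: case-insensitive, label by label;
    a '*' is honoured only as the whole left-most label and matches
    exactly one label (so '*.bar.com' matches 'a.bar.com', not 'bar.com'
    and not 'x.y.bar.com')."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def matches_server_name(cert: ServerCert, uri_host: str) -> bool:
    """Return True if uri_host (the host the client connected to, taken
    verbatim from the URI, never a DNS-derived canonical name) is an
    acceptable identity for cert."""
    try:
        ip = ipaddress.ip_address(uri_host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URI is checked only against iPAddress SANs.
        return any(ipaddress.ip_address(a) == ip for a in cert.ip_addresses)
    if cert.dns_names:
        # dNSName entries present: they are the source of identity; any one may match.
        return any(dns_name_matches(n, uri_host) for n in cert.dns_names)
    # No dNSName entries: fall back to the subject DN's CN.
    return dns_name_matches(cert.subject_cn, uri_host)


def verify_ldaps_uri(cert: ServerCert, uri: str) -> bool:
    """Check the host component of an -H style URI against cert."""
    host = urlsplit(uri).hostname  # strips port and IPv6 brackets
    if not host:
        return False
    return matches_server_name(cert, host)


if __name__ == "__main__":
    for uri in ("ldaps://dc1", "ldaps://DC1.Corp.Example.COM:636",
                "ldaps://192.0.2.10", "ldaps://dc2"):
        print(f"{uri:40} -> {verify_ldaps_uri(SAMPLE_CERT, uri)}")
```

So for the poster's setup the short name works as long as it appears verbatim (ignoring case) as a dNSName in the subjectAltName, and the vendor's -H URI must use exactly that name, not an IP address or an alias that is only resolvable in DNS. On the client side, ldapsearch will still reject the connection unless the issuing CA is trusted: the default TLS_REQCERT setting in ldap.conf(5) is demand, so the CA certificate that signed the AD certificate has to be supplied via TLS_CACERT (or TLS_CACERTDIR). Two further points about the quoted commands, independent of the certificate: neither passes -b, so the first relies on a BASE line in ldap.conf and the second runs its base-scope search against the empty DN; and both name a bind DN with -D but give no password (-w, -W or -y), so the simple bind is sent with an empty password, which Active Directory treats as an unauthenticated bind rather than as the named user.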