Hi all,
I am trying to do an ldapsearch against our Active Directory LDAPS like:
ldapsearch -d1 -x -LLL -D 'CN=serviceaccount,OU=spec,DC=mydomain,DC=ch' -W -H ldaps://ldap.mydomain.ch:636 -b 'OU=my-users,DC=mydomain,DC=ch' -s sub '(memberOf=CN=grp-admins,OU=my-groups,DC=mydomain,DC=ch)'
The domain controllers have certificates generated with CNs like this:
subject: /DC=ch/DC=mydomain/OU=Domain Controllers/CN=DC01,
and a SAN defined as ldap.mydomain.ch.
Yet, I got an error like:
TLS: hostname (ldap.mydomain.ch) does not match common name in certificate (DC01).
An interesting fact is that if the CN is set to the fqdn like dc01.mydomain.ch (not ldap.mydomain.ch), it works perfectly (with ldap.mydomain.ch as SAN).
Isn't ldapsearch 2.4.44 capable of working with a DN in the subject (CN), or does it fail to look up the SAN in such a case?
Greetings
Lioh
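For reference, the hostname-matching precedence that RFC 6125 / RFC 2818 describe (SAN dNSName entries are checked first; the subject CN is consulted only when the certificate carries no SAN dNSName at all), applied to the certificates described in the post. This is an added example, not the poster's code and not OpenLDAP's implementation; the certificate dicts are constructed from the post's description, not parsed from real DER.

```python
"""RFC 6125-style hostname verification, with SAN dNSName taking precedence
over the subject CN.  Added example: not the poster's code and not libldap's
own matching code."""
from typing import List, Optional, Tuple


def _name_matches(pattern: str, name: str) -> bool:
    """Match one DNS name against a certificate name.  Only a single leading
    wildcard label (*.example.ch) is honoured; everything else is exact."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == name
    # A wildcard covers exactly one non-empty label and never the bare domain.
    p_labels, n_labels = pattern.split("."), name.split(".")
    return (len(p_labels) == len(n_labels)
            and p_labels[1:] == n_labels[1:]
            and n_labels[0] != "")


def verify_hostname(hostname: str, san_dns: List[str],
                    subject_cn: Optional[str]) -> Tuple[bool, str]:
    """Return (ok, reason).  If any SAN dNSName is present the CN is ignored
    entirely, even when the CN alone would have matched."""
    if san_dns:
        for entry in san_dns:
            if _name_matches(entry, hostname):
                return True, "matched SAN dNSName %r" % entry
        return False, "hostname %r not in SAN %r; CN not consulted" % (hostname, san_dns)
    if subject_cn is not None and _name_matches(subject_cn, hostname):
        return True, "no SAN dNSName; matched subject CN %r" % subject_cn
    return False, ("hostname (%s) does not match common name in certificate (%s)"
                   % (hostname, subject_cn))


# Constructed from the post's description (hypothetical, not real certificates).
DC01_SHORT_CN = {"cn": "DC01", "san": ["ldap.mydomain.ch"]}              # the failing one
DC01_FQDN_CN = {"cn": "dc01.mydomain.ch", "san": ["ldap.mydomain.ch"]}   # the working one
DC01_NO_SAN = {"cn": "DC01", "san": []}                                  # SAN missing entirely


def check(cert: dict, hostname: str = "ldap.mydomain.ch") -> Tuple[bool, str]:
    """Verify one constructed certificate against the LDAPS hostname."""
    return verify_hostname(hostname, cert["san"], cert["cn"])


if __name__ == "__main__":
    for label, cert in (("CN=DC01 + SAN", DC01_SHORT_CN),
                        ("CN=fqdn + SAN", DC01_FQDN_CN),
                        ("CN=DC01, no SAN", DC01_NO_SAN)):
        print("%-16s -> %s" % (label, check(cert)))
```

Under these rules both certificates that carry the SAN pass, so a "does not match common name" error with a SAN present is a prompt to confirm with `openssl x509 -noout -text` that the SAN entry is actually of type DNS (a dNSName), not only a UPN or other name form.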