On Thu, Feb 27, 2020 at 12:23:07AM +0000, Howard Chu wrote:
Brian Reichert wrote:
An interesting fact is that if the CN is set to the fqdn like dc01.mydomain.ch (not ldap.mydomain.ch), it works perfectly (with ldap.mydomain.ch as SAN).
I may be misreading this, but this sounds like a TLS issue.
Wrong. The above error message comes from libldap.
Thanks for the clarification; I've not seen this class of error before...
Definitely sounds like the SAN is not set correctly in the cert, but this is definitely libldap complaining, the TLS library doesn't do this hostname check.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
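The check Howard describes, the LDAP client matching the configured server name against the certificate rather than the TLS library doing it, illustrated as an added Python example (not code from this thread or from OpenLDAP). It applies the RFC 6125 rule that dNSName SAN entries take precedence and the subject CN is only a fallback when no dNSName SAN exists; the two sample certificates are constructed, and `CERT_BAD` is an assumption about what the failing certificate looked like (CN set to ldap.mydomain.ch but that name absent from the SAN list).

```python
# Added example: approximation of the RFC 6125 hostname check an LDAP client
# applies to the server certificate (assumption: not OpenLDAP's own code).
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert()
# so the logic runs offline on constructed input.

def _match_dns(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN value against the host, allowing a single
    leftmost '*' label (e.g. *.mydomain.ch matches ldap.mydomain.ch)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Only a whole leftmost label may be a wildcard, and '*.tld' is refused.
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for hostname.
    If any dNSName SAN is present, only SAN entries count; the subject CN is
    consulted solely when the certificate carries no dNSName SAN at all."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        return any(_match_dns(n, hostname) for n in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _match_dns(value, hostname):
                return True
    return False


# Constructed sample certificates mirroring the two cases in the thread.
CERT_OK = {  # CN is the DC's own name, ldap.mydomain.ch is present as a SAN
    "subject": ((("commonName", "dc01.mydomain.ch"),),),
    "subjectAltName": (("DNS", "dc01.mydomain.ch"), ("DNS", "ldap.mydomain.ch")),
}
CERT_BAD = {  # CN is ldap.mydomain.ch, but the SAN list omits it (assumed case)
    "subject": ((("commonName", "ldap.mydomain.ch"),),),
    "subjectAltName": (("DNS", "dc01.mydomain.ch"),),
}

if __name__ == "__main__":
    for name, cert in (("CERT_OK", CERT_OK), ("CERT_BAD", CERT_BAD)):
        print(name, "matches ldap.mydomain.ch:", cert_matches_host(cert, "ldap.mydomain.ch"))
```

Running it shows why CERT_BAD is rejected even though its CN is the name the client connected to: once a dNSName SAN is present, the CN is ignored.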