John Lewis wrote:
> I am reading in the LDAP spec https://tools.ietf.org/html/rfc4511 about naming contexts and I am looking at my RootDSE.
> Since my DIT mirrors DNS https://tools.ietf.org/html/rfc2247, there must be some way to route someone to the correct naming context based on the DNS they were using to access the LDAP server, otherwise I just don't understand the spec.
https://tools.ietf.org/html/rfc2782
Note:
1. If you're using TLS, there's AFAIK no specification of how to implement the TLS hostname check (see https://tools.ietf.org/html/rfc6125) to prevent MITM attacks.
2. You still need a priori configuration of how the client should authenticate to the directory.
Ciao, Michael.
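The mechanism Michael points at, as an added example that is not code from either poster: a client derives the RFC 2247 naming context (dc=example,dc=com) from the DNS domain it was told to use, asks DNS for `_ldap._tcp.<domain>` SRV records (RFC 2782), and orders the answers by priority and weight. The DNS zone here is constructed and the `lookup` callable stands in for a real resolver, so the example runs offline; `locate`, `order_srv` and `SAMPLE_ZONE` are names chosen for this illustration, not any library's API.

```python
"""Added illustration (not code from the thread): find the LDAP servers for a
DNS domain via RFC 2782 SRV records and map the domain to its RFC 2247 naming
context.  All DNS data below is constructed; nothing touches the network."""
import random
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # RFC 2782: a lone record with target "." means "service not offered"


def domain_to_dn(domain: str) -> str:
    """RFC 2247 mapping: 'example.com' -> 'dc=example,dc=com'."""
    labels = [l for l in domain.strip().rstrip(".").split(".") if l]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={label}" for label in labels)


def srv_name(domain: str, service: str = "ldap", proto: str = "tcp") -> str:
    """RFC 2782 owner name for the SRV query, e.g. '_ldap._tcp.example.com'."""
    return f"_{service}._{proto}.{domain.strip().rstrip('.')}"


def order_srv(records: Iterable[SrvRecord],
              rng: Callable[[], float] = random.random) -> List[SrvRecord]:
    """RFC 2782 server selection: ascending priority, then weighted random
    order within each priority.  `rng` is injectable so tests can pin it."""
    records = list(records)
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782 says zero-weight entries go first in the list; the stable
        # sort keeps the original order among the remaining records.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = int(rng() * (total + 1))  # integer in 0..total inclusive
            running = 0
            for idx, rec in enumerate(group):
                running += rec.weight
                if running >= pick:          # first record whose running sum reaches pick
                    ordered.append(group.pop(idx))
                    break
    return ordered


def locate(domain: str,
           lookup: Callable[[str], Optional[List[SrvRecord]]],
           rng: Callable[[], float] = random.random) -> Tuple[str, List[Tuple[str, int]]]:
    """Return (naming context DN, ordered [(host, port), ...]) for `domain`.
    `lookup` is a hypothetical resolver interface: SRV owner name -> records."""
    base_dn = domain_to_dn(domain)
    records = lookup(srv_name(domain)) or []
    if len(records) == 1 and records[0].target == ".":
        return base_dn, []  # explicitly "no LDAP service here"
    return base_dn, [(r.target.rstrip("."), r.port) for r in order_srv(records, rng)]


# Constructed zone data standing in for DNS answers.
SAMPLE_ZONE = {
    "_ldap._tcp.example.com": [
        SrvRecord(10, 60, 389, "ldap1.example.com."),
        SrvRecord(10, 20, 389, "ldap2.example.com."),
        SrvRecord(10, 0, 389, "ldap3.example.com."),
        SrvRecord(20, 0, 636, "backup.example.com."),
    ],
    "_ldap._tcp.nodir.example.com": [SrvRecord(0, 0, 0, ".")],
}

if __name__ == "__main__":
    for domain in ("example.com", "nodir.example.com", "unknown.test"):
        base_dn, servers = locate(domain, SAMPLE_ZONE.get)
        print(domain, "->", base_dn, servers)
```

What the SRV answer does not give you is exactly what the two numbered notes in the reply are about: the ordered host list says nothing about which name a client should verify in the server's TLS certificate (the queried domain or the SRV target), and nothing about how the client should bind once connected. Both still have to come from local configuration.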