Menu
▾
▴
Re: support for wildcard certficates
|
From: Rahul A. <ra...@sy...> - 2008-07-03 12:23:23
|
Hi Michael, Thanks for the response. I think you have pointed to the correct problem. ldapwhoami seems to be using ldap library version 2.3.30 whereas python-ldap is probably using 2.1.30. And from this post http://www.openldap.org/lists/openldap-software/200504/msg00304.html it is evident that support for wildcart certificates has been incorporated in a version in between these two. Thanks a ton for the immediate response. Regards, Rahul. Michael Ströder wrote: > Rahul Amaram wrote: >> I have set up a ldap server with a wildcard certificate. Upon trying >> to establish a TLS connection using python ldap, I get the error >> "TLS: hostname does not match CN in peer certificate". This works >> fine if I use a certificate with the exact domain name. Is this a >> bug? Are there any known solutions to this? Looking forward to a >> response. > > Well, personally I'd recommend not to use wildcard certs at all > => I never tested anything like this. > > python-ldap simply relies on OpenLDAP libs which in turn rely on > OpenSSL. Hmm, so this should be probably raised on the > openldap-software mailing list. > >> P.S: "ldapwhoami" command establishes a TLS connection properly even >> when using a wild-card certificate. So I am assuming it might be a >> problem with python-ldap library. > > You might wanna dive into the source of ldapwhoami and look up which > options they set. BTW: Are you sure that your local python-ldap > installation uses the same OpenLDAP client libs like the ldapwhoami > command-line tool? > > Ciao, Michael. |
