Thank you, this case can be closed. Appreciate all your help and clarification. Thanks again.

Thank you,
Darshankumar Mistry
[email protected]

On Friday, May 10, 2019, 1:53:16 PM PDT, Howard Chu <[email protected]> wrote:

[email protected] wrote:
> Thank you very much for the quick response and the OpenLDAP behavior configuration.
>
> How can we ignore the server name in the subject of the certificate so I can
> use the LDAP server IP address instead of the host name?
> Also, I want to know if there is any open CVE which says it is a vulnerability
> to use the LDAP server IP address instead of the name in the LDAP configuration.

Add the IP address in a subjectAlternativeName extension to your server certificate.

The behavior here is specified in RFC4513.

> Thank you,
> Darshankumar Mistry
> [email protected]
>
> On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount <quanah@symas.com> wrote:
>
> --On Friday, May 10, 2019 8:52 PM +0000 [email protected] wrote:
>
>> Full_Name: Darshankumar Mistry
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>>
>>
>> I would like to know why OpenLDAP behavior was changed so that we must
>> configure the FQDN mentioned in the certificate in order for LDAP
>> authentication to work... else TLS starts failing.
>
> OpenLDAP has worked this way since I first started using it in 2002. This
> behavior is nothing new. And this is the correct behavior.
>
> This ITS will be closed.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
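
The answer in this thread (put the IP address in a subjectAlternativeName extension; the check is specified in RFC4513), shown as an added illustration that is not code from the thread or from OpenLDAP: a simplified Python model of the type-matched server identity comparison. It shows why a client configured with an IP address rejects a certificate that names only the FQDN until an iPAddress entry is present. The certificate dicts, host names and addresses are constructed placeholders; Common Name fallback and internationalized names are left out.

```python
import ipaddress

# Constructed sample certificates, in the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(). Names and addresses are placeholders.
CERT_FQDN_ONLY = {"subjectAltName": (("DNS", "ldap.example.com"),)}
CERT_WITH_IP = {"subjectAltName": (("DNS", "ldap.example.com"),
                                   ("IP Address", "192.0.2.10"))}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}
# An IP literal stored as a dNSName does not satisfy an IP reference identity.
CERT_IP_AS_DNS = {"subjectAltName": (("DNS", "192.0.2.10"),)}


def _parse_ip(text):
    """Return an ipaddress object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' is honoured only as the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return p == h


def server_identity_ok(cert, reference):
    """Compare the name the client was configured with (the reference
    identity) against subjectAltName entries of the same type only."""
    sans = cert.get("subjectAltName", ())
    ref_ip = _parse_ip(reference)
    if ref_ip is not None:
        # IP reference identity: only iPAddress entries count, and the
        # address must be identical (same family, same octets).
        return any(kind == "IP Address" and _parse_ip(value) == ref_ip
                   for kind, value in sans)
    # DNS reference identity: only dNSName entries count.
    return any(kind == "DNS" and _dns_match(value, reference)
               for kind, value in sans)


if __name__ == "__main__":
    for cert_name in ("CERT_FQDN_ONLY", "CERT_WITH_IP"):
        for ref in ("ldap.example.com", "192.0.2.10"):
            print(cert_name, ref, server_identity_ok(globals()[cert_name], ref))
```
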
