lejeczek wrote:
that was me, the way I tried to sign the certificate was...
incorrect
apologies and great and many thanks to everybody
I can now ldapsearch on both slapd.domain.local and
slap.domain.external with -ZZZ, all good (only cannot
confirm if CN has to be repeated in subjectAltName as per
Olo's tip, currently it IS repeated in my cert)

No. The CN does not need to be repeated, anyone who says so is wrong. Other
libraries (e.g. old Solaris/Sun/Mozilla LDAP) may have required this but they
are defective and obsolete. The Mozilla LDAP SDK has been abandoned, and
Solaris 11 now bundles OpenLDAP.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/