What if I want to access LDAP from an external source? How would it recognize
platalytics.com?

On Fri, Oct 2, 2015 at 1:18 PM, Michael Ströder <[email protected]>
wrote:

> Aneela Saleem wrote:
> > Hi all,
> >
> > I have implemented LDAP over SSL. The FQDN of the LDAP server is
> > "platalytics.com" and the same is the CN in the SSL certificate. But why is
> > it that when I run the following command it works fine, i.e.,
> >
> > ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H ldap://127.0.0.1:389 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'
> >
> > but in the case of ldaps, I have to provide the FQDN as the hostname, i.e.,
> >
> > ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H ldaps://platalytics.com:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'
> >
> > because the following command does not work, i.e.,
> >
> > ldapsearch -x -D "cn=aneela,ou=users,dc=platalytics,dc=com" -W -H ldaps://127.0.0.1:636 -b "dc=platalytics,dc=com" -s sub 'cn=aneela'
>
> The mandatory TLS hostname check is a prevention against MITM attacks.
>
> ldaps://127.0.0.1 does not make sense anyway.
>
> And even better you should use ldapi:// [1] for local access.
>
> http://tools.ietf.org/html/draft-chu-ldap-ldapi
>
> Ciao, Michael.
>
>
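
The hostname check Michael refers to is the reason the three ldapsearch invocations behave differently, and it also answers the follow-up question: a client connecting from outside resolves platalytics.com through DNS, but what it compares against the certificate is the name it was given in the URI, never the address it resolved to. The script below is an added example written for this thread (not OpenLDAP code and not from either poster). It models that comparison with the rules of RFC 6125 and OpenSSL's X509_check_host()/X509_check_ip(): an IP literal in the URI is accepted only if the certificate carries a matching iPAddress SAN, a DNS name is matched against dNSName SANs with at most one leftmost wildcard label, and the subject CN is consulted only when the certificate has no dNSName SAN. libldap's own matcher is close but not identical, so treat this as an illustration of the check, not its implementation. The two certificates are constructed, hypothetical dicts in the shape ssl.SSLSocket.getpeercert() returns; they are not the real platalytics.com certificate.

```python
"""Why ldaps://127.0.0.1 fails while ldaps://platalytics.com works.

Added example for this thread, not OpenLDAP code. It models the TLS hostname
check a client applies to an ldaps:// URI using RFC 6125 / OpenSSL rules
(libldap's matcher is similar but not identical; see the lead-in).
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
# Hypothetical values; not the real platalytics.com certificate.
CERT_CN_ONLY = {
    "subject": ((("commonName", "platalytics.com"),),),
    # no subjectAltName at all, as with the CN-only cert described in the thread
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "platalytics.com"),),),
    "subjectAltName": (
        ("DNS", "platalytics.com"),
        ("DNS", "*.platalytics.com"),
        ("IP Address", "127.0.0.1"),  # what it would take for ldaps://127.0.0.1 to pass
    ),
}


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' allowed only as the whole leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # rejects "*", "*.com", "a*.example.com" and multi-level matches
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert, host):
    """Return (ok, reason) for the host part of an ldaps:// URI against cert."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None

    if ip is not None:  # ldaps://127.0.0.1:636 lands here
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, f"iPAddress SAN {value} matches {host}"
        return False, f"{host} is an IP literal with no matching iPAddress SAN; the CN is never compared to an IP"

    dns_sans = [value for kind, value in sans if kind == "DNS"]
    if dns_sans:  # once dNSName SANs exist, the CN is ignored
        for value in dns_sans:
            if _dns_match(value, host):
                return True, f"dNSName SAN {value} matches {host}"
        return False, f"no dNSName SAN matches {host} (CN not consulted because SANs are present)"

    for rdn in cert.get("subject", ()):  # CN fallback for SAN-less certificates
        for key, value in rdn:
            if key == "commonName" and _dns_match(value, host):
                return True, f"CN {value} matches {host} (no dNSName SAN present)"
    return False, f"CN does not match {host}"


def check_ldap_uri(uri, cert):
    """Mirror what `ldapsearch -H <uri>` does before it sends the bind.

    Only ldaps:// validates a server certificate here (ldap:// with StartTLS is
    not modelled). Plain ldap:// and the ldapi:// Unix socket never look at
    `cert`, which is why ldap://127.0.0.1:389 "works" without any check at all.
    """
    parts = urlsplit(uri)
    if parts.scheme == "ldapi":
        return True, "ldapi:// is a local Unix-domain socket; no TLS, no hostname check"
    if parts.scheme == "ldap":
        return True, "plain ldap://: no certificate is presented, so nothing is checked (and nothing is protected)"
    if parts.scheme != "ldaps" or not parts.hostname:
        return False, f"unsupported or malformed URI {uri!r}"
    return cert_matches_host(cert, parts.hostname)


if __name__ == "__main__":
    for uri in ("ldap://127.0.0.1:389", "ldaps://platalytics.com:636",
                "ldaps://127.0.0.1:636", "ldapi:///"):
        for name, cert in (("CN-only cert", CERT_CN_ONLY), ("cert with SANs", CERT_WITH_SAN)):
            ok, why = check_ldap_uri(uri, cert)
            print(f"{'OK  ' if ok else 'FAIL'} {uri:30} [{name}] {why}")
```

Run as-is it prints one verdict per URI and certificate. The practical consequences match the thread: with a CN-only certificate the only ldaps:// form that passes is the FQDN, an external client must therefore connect by that name (and its resolver must map it to the server), and if an IP literal is genuinely required the certificate needs an iPAddress SAN rather than a CN change. For local access, ldapi:/// sidesteps the question entirely, as Michael suggests.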
