support for wildcard certificates
Rahul Amaram
rahul at synovel.com
Thu Jul 3 14:23:21 CEST 2008
Hi Michael,
Thanks for the response. I think you have pointed to the correct
problem. ldapwhoami seems to be using ldap library version 2.3.30
whereas python-ldap is probably using 2.1.30. And from this post
http://www.openldap.org/lists/openldap-software/200504/msg00304.html it
is evident that support for wildcard certificates was incorporated
in a version between these two.
Thanks a ton for the immediate response.
Regards,
Rahul.
Michael Ströder wrote:
> Rahul Amaram wrote:
>> I have set up an ldap server with a wildcard certificate. Upon trying
>> to establish a TLS connection using python-ldap, I get the error
>> "TLS: hostname does not match CN in peer certificate". This works
>> fine if I use a certificate with the exact domain name. Is this a
>> bug? Are there any known solutions to this? Looking forward to a
>> response.
>
> Well, personally I'd recommend not to use wildcard certs at all
> => I never tested anything like this.
>
> python-ldap simply relies on OpenLDAP libs which in turn rely on
> OpenSSL. Hmm, so this should be probably raised on the
> openldap-software mailing list.
>
>> P.S: "ldapwhoami" command establishes a TLS connection properly even
>> when using a wild-card certificate. So I am assuming it might be a
>> problem with python-ldap library.
>
> You might wanna dive into the source of ldapwhoami and look up which
> options they set. BTW: Are you sure that your local python-ldap
> installation uses the same OpenLDAP client libs as the ldapwhoami
> command-line tool?
>
> Ciao, Michael.
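The mismatch discussed in this thread comes down to how a client library compares the peer hostname against the names in the server certificate. The following is an added example, not code from python-ldap, OpenLDAP or OpenSSL: it implements the wildcard-matching rules from RFC 6125 / RFC 2818 that modern TLS stacks apply (a lone `*` only in the leftmost label, matching exactly one label, never the bare domain), next to the literal CN comparison that an older libldap effectively performs. The certificate dicts are constructed to mimic the shape returned by Python's `ssl.SSLSocket.getpeercert()`; they are not real certificates.

```python
"""Hostname-vs-certificate matching with and without wildcard support.

Added example (not python-ldap / OpenLDAP code).  It shows why the same
wildcard certificate is accepted by a client that implements RFC 6125
wildcard rules and rejected with "hostname does not match CN" by a client
that only does an exact commonName comparison.
"""


def matches_pattern(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` matches one certificate name entry.

    Rules applied (RFC 6125 section 6.4.3, RFC 2818 section 3.1, simplified):
      * comparison is case-insensitive, trailing dots are ignored
      * without a '*' the names must be identical
      * a '*' is only accepted as the entire leftmost label
      * the wildcard label matches exactly one hostname label, so
        *.example.com matches ldap.example.com but not example.com
        or a.b.example.com
      * a wildcard must be followed by at least two labels (no '*.com')
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only a whole-label '*' in the leftmost position is honoured; partial
    # wildcards such as 'ld*p.example.com' are rejected here for simplicity.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # '*' stands for exactly one label, so label counts must agree.
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def _common_names(cert: dict) -> list:
    """Extract commonName values from a getpeercert()-shaped subject."""
    return [value
            for rdn in cert.get("subject", ())
            for (key, value) in rdn
            if key == "commonName"]


def hostname_matches_cert(hostname: str, cert: dict) -> bool:
    """Wildcard-aware check: dNSName SANs first, CN only as a fallback."""
    san_names = [value for (kind, value) in cert.get("subjectAltName", ())
                 if kind == "DNS"]
    names = san_names if san_names else _common_names(cert)
    return any(matches_pattern(name, hostname) for name in names)


def literal_cn_matches(hostname: str, cert: dict) -> bool:
    """What a client without wildcard support effectively does: compare the
    hostname byte-for-byte (case-insensitively) against the CN."""
    return any(cn.lower() == hostname.lower() for cn in _common_names(cert))


# Constructed sample certificates in the shape of ssl.getpeercert().
# Neither is a real certificate; they only carry the fields compared above.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
}
EXACT_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}


if __name__ == "__main__":
    host = "ldap.example.com"
    for label, cert in (("wildcard", WILDCARD_CERT), ("exact", EXACT_CERT)):
        print(f"{label:8s} cert, RFC 6125 matcher: "
              f"{hostname_matches_cert(host, cert)}")
        print(f"{label:8s} cert, literal CN compare: "
              f"{literal_cn_matches(host, cert)}")
```

Run against the two constructed certificates, the wildcard one passes the RFC 6125 matcher but fails the literal comparison, which is exactly the "works with ldapwhoami, fails with python-ldap" symptom when the two are linked against different libldap versions. The practical check is therefore not in Python at all: confirm which libldap the `_ldap` extension module loads (for example with `ldd` on the `_ldap*.so` file) and compare it with the library `ldapwhoami` uses.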