ldap/ssl failure: server name mismatch

Discussion in 'Mail Gateway: Installation and configuration' started by IEM, Sep 5, 2018.

    I cannot connect my PMG to an LDAPS (LDAP/SSL) server.

    The LDAPS server uses a valid certificate (signed by Let's Encrypt), and I can use it just fine with e.g. `ldapsearch -x -H ldaps://ldap.example.com`.

    However, with PMG the connection is terminated because of certificate errors.
    The root cause is quite obviously that the `Server` field in the LDAP profile can only be an IP address. Both IPv4 and IPv6 seem to be allowed, so the text field is limited to the following characters:
    Code:
    [0-9a-fA-Z.:]
    Now, my certificate is (as any good certificate) valid for the DNS name (e.g. `ldap.example.com`) but not for the associated IP (`192.168.1.2`).

    However, PMG/LDAP seems to validate the subject name of the certificate against the IP address and fails.

    My current workaround for the problem is to run a local LDAP proxy that speaks LDAP to PMG but communicates with the real server using LDAPS.


    I don't really understand why I cannot add a domain name in the `Server` field (I even tried on the command line).
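The failure the post describes is standard TLS hostname verification: a client that connects by IP literal compares that literal only against iPAddress SANs, while a DNS name is compared only against dNSName SANs, so a Let's Encrypt certificate with just `DNS:ldap.example.com` can never match `192.168.1.2`. The following is an added example (not PMG code and not from this thread) that implements that matching rule over a certificate in the dict shape Python's `ssl.getpeercert()` returns; the certificates below are constructed to mirror the poster's setup, and the behaviour for a certificate that also carries an IP SAN is shown for comparison.

```python
"""Hostname verification as a TLS client applies it (RFC 6125 / RFC 2818 rules).

Added example, not PMG code. Demonstrates why a certificate with only a
dNSName SAN fails when the client is forced to connect by IP address.
"""
import ipaddress

# Constructed certificate in the shape returned by ssl.getpeercert():
# a Let's Encrypt-style cert with a DNS SAN and no IP SAN (the poster's case).
LDAP_CERT_DNS_ONLY = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}

# Constructed certificate that additionally carries an iPAddress SAN,
# e.g. one issued by a private CA; public CAs do not normally issue these.
LDAP_CERT_WITH_IP = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (
        ("DNS", "ldap.example.com"),
        ("IP Address", "192.168.1.2"),
        ("IP Address", "2001:db8::2"),
    ),
}


def _dns_name_match(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN against a hostname.

    Comparison is case-insensitive, a trailing dot is ignored, and a single
    leftmost '*' label may stand in for exactly one label (the usual client rule).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard never matches the bare domain or more than one label.
        return len(h_labels) > 1 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def matches_server(cert: dict, server: str) -> bool:
    """Return True if `server` (DNS name or IP literal) is covered by `cert`.

    An IP literal is compared only against "IP Address" SANs; a DNS name only
    against "DNS" SANs. The subject CN is ignored once a SAN extension exists.
    """
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(server)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # ipaddress normalises IPv6 spellings so "2001:db8::2" == "2001:0db8::2".
        return any(
            kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
            for kind, value in sans
        )
    return any(
        kind == "DNS" and _dns_name_match(value, server)
        for kind, value in sans
    )


def explain(cert: dict, server: str) -> str:
    """Human-readable verdict, useful when reading an LDAPS failure log."""
    sans = ", ".join(f"{k}:{v}" for k, v in cert.get("subjectAltName", ()))
    verdict = "MATCH" if matches_server(cert, server) else "MISMATCH"
    return f"{verdict}: server={server!r} against SANs [{sans}]"


if __name__ == "__main__":
    # The poster's situation: DNS-only cert, client connects by IP.
    print(explain(LDAP_CERT_DNS_ONLY, "ldap.example.com"))
    print(explain(LDAP_CERT_DNS_ONLY, "192.168.1.2"))
    # A cert that also lists the IP would satisfy an IP-only client field.
    print(explain(LDAP_CERT_WITH_IP, "192.168.1.2"))
    print(explain(LDAP_CERT_WITH_IP, "2001:0db8:0:0:0:0:0:2"))
```

The `explain()` output for the DNS-only certificate shows `MATCH` for the hostname and `MISMATCH` for the IP, which is exactly the asymmetry behind the post: the LDAP proxy workaround sidesteps it by letting the proxy dial the server by name, so the name check succeeds there, while PMG talks plain LDAP to the proxy on localhost.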
     