Why don't you try ldapsearch -H ldaps://ldap.lih.rwth-aachen.de as Dieter suggested? I'm not an expert in OpenLDAP, but I've been using it for some years, and some months ago, working with GnuTLS and SSL, I couldn't connect because in the server certificate the CN was "ldap.server", and I was trying to connect through ldapsearch -H ldaps://server. Both of the names were of the same computer, but SSL gave me an error telling me the server CN was "ldap.server", and I was trying to contact "server".

2009/10/30 Howard Chu <[email protected]>

> Dieter Kluenter wrote:
> > Howard Chu <[email protected]> writes:
> >
> >> Dieter Kluenter wrote:
> >>> GnuTLS cannot handle the subjectAltName attribute, thus if either
> >>> client and/or server are linked with libgnutls it will cause such
> >>> problem.
> >>
> >> False.
> >
> > OK,
> > https://savannah.gnu.org/support/index.php?106975
> > has been fixed.
>
> Note that this bug only affected certificates that contained XMPP
> subjectAltNames. Since XMPP names are relatively new, most certs aren't
> affected by this bug.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>

--
Sad wars if the enterprise is not love. Sad, sad. Sad weapons if they are not words. Sad, sad. Sad men if they do not die of love. Sad, sad.
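
The name mismatch described in the message above, as an added example that is not part of the thread and is not OpenLDAP or GnuTLS code: a simplified model of the hostname check a TLS client performs, run over constructed certificates in the dict shape returned by Python's `ssl.getpeercert()`. It assumes the common rule (as in RFC 6125) that dNSName subjectAltNames, when present, are used instead of the CN; the function names and the `example.org` certificate are hypothetical.

```python
# Added example: simplified model of TLS server-name checking (constructed data).

def _name_matches(pattern, host):
    """Compare one certificate name with the name the client connected to.
    '*' is accepted only as the entire left-most label of a 3+ label name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p == h:
        return True
    return p[0] == "*" and len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]

def cert_names(cert):
    """Names the client compares against: dNSName SANs, else subject CN(s)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def check_host(cert, host):
    """Return (ok, names) so a failure report can show what the cert offers."""
    names = cert_names(cert)
    return any(_name_matches(n, host) for n in names), names

# Constructed certificates. CN_ONLY mirrors the case in the message:
# CN "ldap.server", client connecting to ldaps://server.
CN_ONLY = {"subject": ((("commonName", "ldap.server"),),)}
WITH_SAN = {"subject": ((("commonName", "ldap.server"),),),
            "subjectAltName": (("DNS", "ldap.server"), ("DNS", "server"))}
WILDCARD = {"subject": ((("commonName", "unused"),),),
            "subjectAltName": (("DNS", "*.example.org"),)}

if __name__ == "__main__":
    for label, cert, host in [("CN only", CN_ONLY, "server"),
                              ("CN only", CN_ONLY, "ldap.server"),
                              ("with SAN", WITH_SAN, "server"),
                              ("wildcard", WILDCARD, "ldap.example.org")]:
        ok, names = check_host(cert, host)
        print(f"{label:9} host={host:17} ok={ok} cert names={names}")
```

Both host names resolving to the same machine does not help the CN-only certificate: the check compares strings from the certificate with the name in the URI, so either connect with the name the certificate carries or reissue the certificate with every name clients use listed as a subjectAltName.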
