disable ldap hostname verification?

Baron Fujimoto baron at hawaii.edu
Tue May 15 02:14:07 BST 2012


Is there a way to disable hostname verification for LDAPS in 2.3.6 via
IdP config files?  I understand that it's there for the security update,
but due to peculiarities of our current architecture[*], we're getting
tripped up by this. Unless there's a way to disable this, we'll have to
forego upgrading our IdP until we can figure out a workaround.

[*] ldap hosts behind a load-balanced virtual host, the SSL cert is
issued for the virtual hostname. However, because we have suspected
issues with our load balancer, I've been pointing our attribute resolver
at the pool of real ldap hosts behind the virtual host - but these
hostnames don't match the SSL cert's.

-baron
-- 
Baron Fujimoto <baron at hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
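
An added example, not part of the original post and not Shibboleth IdP code or configuration: in a TLS client, the address connected to and the name checked against the certificate can be set separately, so a pool member can be reached directly while the certificate is still verified against the virtual hostname. It is shown here with Python's `ssl` module; the hostnames are constructed placeholders and `probe` is a hypothetical helper.

```python
import socket
import ssl

# Constructed placeholder names, not taken from the post.
VIRTUAL_NAME = "ldap.example.edu"                   # name the certificate was issued for
POOL = ["ldap1.example.edu", "ldap2.example.edu"]   # real hosts behind the balancer


def make_context(cafile=None):
    """TLS client context with chain and hostname verification left enabled."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    return ssl.create_default_context(cafile=cafile)


def probe(real_host, expected_name=VIRTUAL_NAME, port=636, ctx=None, timeout=5.0):
    """Connect to real_host but verify the certificate against expected_name."""
    ctx = ctx or make_context()
    result = {"host": real_host, "checked_name": expected_name, "ok": False}
    try:
        with socket.create_connection((real_host, port), timeout=timeout) as raw:
            # server_hostname sets SNI and the name the certificate must match;
            # it is independent of the address the TCP socket connected to.
            with ctx.wrap_socket(raw, server_hostname=expected_name) as tls:
                cert = tls.getpeercert()
                result["names"] = [v for k, v in cert.get("subjectAltName", ())
                                   if k == "DNS"]
                result["ok"] = True
    except ssl.SSLCertVerificationError as exc:
        # Raised when the chain is untrusted or no certificate name matches.
        result["error"] = "certificate rejected: " + exc.verify_message
    except OSError as exc:
        # Refused, timed out, unresolvable, or a non-verification TLS failure.
        result["error"] = "connection failed: " + str(exc)
    return result


if __name__ == "__main__":
    for host in POOL:
        print(probe(host))
```

Passing the pool member's own name as `expected_name` reproduces the mismatch described in the post, since the certificate carries only the virtual hostname.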

