libnss-ldap doesn't support SubjAlt-names on certificates

Bug #140502 reported by MrTux
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libnss-ldap (Ubuntu) | Invalid | Undecided | Unassigned | |
| libpam-ldap (Ubuntu) | Invalid | Undecided | Unassigned | |
| openldap (Ubuntu) | Fix Released | Undecided | Unassigned | |

Bug Description

libnss-ldap doesn't support SubjAlt-names on certificates, which is a big problem for me. I suppose that's because it's compiled against libtls or libgtls and not against OpenSSL. On a Mandriva machine (where libnss-ldap is compiled against OpenSSL), libnss-ldap honours the SubjAlt-Name and not just the common name.

Please fix that in a future release, maybe by compiling libnss-ldap against OpenSSL.

PS: When I tried to choose libnss-ldap as package I got a 404-error with this ID: OOPS-625E1416

MrTux (sstrickroth) wrote :

Further investigation showed that this is not directly a problem of libnss-ldap, but a problem of openldap (libldap2), which is linked against libgtls, so all tools and packages based on this library are affected by this issue (e.g. pam-ldap).

Steve Langasek (vorlon) wrote :

Thank you for taking the time to report this issue and help to improve Ubuntu.

I believe that the libldap-2.4-2 package included in Ubuntu 8.04 correctly supports SubjAlt names on certificates, and am therefore closing this bug. If you are still seeing problems, please feel free to reopen the report.

Changed in openldap:
status: New → Fix Released
Changed in libpam-ldap:
status: New → Invalid
Changed in libnss-ldap:
status: New → Invalid