Bug 1884170 - Satellite 6.7 is not able to connect to the LDAP using the CN if the certificate has alternative name set
Status: NEW
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: LDAP
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Omkar Khatavkar
Reported: 2020-10-01 09:05 UTC by Ahmed Eladawy
Modified: 2020-10-06 08:18 UTC

Description Ahmed Eladawy 2020-10-01 09:05:20 UTC
Description of problem:

Satellite 6.7 is not able to connect to the LDAP using the CN if the certificate has an alternative name set.

The customer used the alternative name from the certificate to make the connection work.

Version-Release number of selected component (if applicable):
Satellite 6.7

How reproducible:

Cannot be reproduced, as we do not have an LDAP test environment.

Steps to Reproduce:
1. The LDAP certificate has an alternative name set.
2. Create an LDAP Auth Source with Server name set to the certificate CN.


Actual results:

ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([Net::LDAP::Error]: hostname "LDAP-CN" does not match the server certificate)"

Expected results:

The connection should work without issues

Additional info:

Comment 1 Ondřej Ezr 2020-10-06 07:50:22 UTC
Hi Ahmed,

does this work if they use the main LDAP server name?

Comment 2 Ahmed Eladawy 2020-10-06 08:18:17 UTC
(In reply to Ondřej Ezr from comment #1)
> Hi Ahmed,
> 
> does this work if they use the main LDAP server name?

Hi Ondřej,

When using the main LDAP server name, it gives the same error:

ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([Net::LDAP::Error]: hostname "LDAP-CN" does not match the server certificate)"

It works only when the alternative name on the certificate is used.
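
Added example, not part of the bug thread or of Satellite's code: Ruby's `OpenSSL::SSL.verify_certificate_identity` stops consulting the subject CN once a certificate carries a dNSName subjectAltName (the RFC 6125 rule), which would produce the behaviour reported above. The host names and certificates are constructed placeholders, and the assumption is that the LDAP client's hostname check behaves like this standard-library function.

```ruby
require "openssl"

CN_HOST  = "ldap-cn.example.test"   # placeholder for the certificate CN
SAN_HOST = "ldap-alt.example.test"  # placeholder for the alternative name
KEY      = OpenSSL::PKey::RSA.new(2048) # throwaway key for the sample certs

# Build a self-signed certificate (constructed sample) with the given CN
# and, optionally, a subjectAltName extension listing DNS names.
def build_cert(common_name, san_dns_names)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer     = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless san_dns_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = san_dns_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# Run the hostname check for each certificate shape against both names.
def identity_results
  cn_only  = build_cert(CN_HOST, [])                    # no SAN: CN is used
  san_only = build_cert(CN_HOST, [SAN_HOST])            # shape from this bug
  san_both = build_cert(CN_HOST, [CN_HOST, SAN_HOST])   # reissued certificate
  check = ->(cert, host) { OpenSSL::SSL.verify_certificate_identity(cert, host) }
  {
    cn_only_cert_cn_host:   check.(cn_only,  CN_HOST),
    san_cert_cn_host:       check.(san_only, CN_HOST),  # CN ignored, SAN present
    san_cert_san_host:      check.(san_only, SAN_HOST),
    reissued_cert_cn_host:  check.(san_both, CN_HOST),
    reissued_cert_san_host: check.(san_both, SAN_HOST)
  }
end

identity_results.each { |name, ok| puts "#{name}: #{ok ? 'match' : 'MISMATCH'}" }
```

To see which names a real LDAP server certificate presents, inspect its subjectAltName extension; every name clients will use as Server name has to appear there.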

