On Friday 11 April 2008 01:42:30 Jason Dusek wrote:
I'd like to set up LDAP command line tools to point to a server -- say localhost -- that has a certificate with an arbitrary name in it -- say `my-domain.com`.
I'm not entirely sure how to get my LDAP tools to do that, though -- or if it's possible. By default, OpenLDAP is wound up pretty tight.
Either:
1) Add an entry to /etc/hosts so that the name on the certificate resolves to the correct IP address, and always use the name on any connection where you want certificate validation, or
2) Add TLS_REQCERT allow to the OpenLDAP ldap.conf.

If you are using anything besides OpenLDAP software (nss_ldap, pam_ldap), be aware that their configuration is not identical ...
Regards, Buchan
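
The name check behind both options in the reply above, as an added example that is not part of the original thread or of OpenLDAP: it builds a constructed self-signed certificate for `my-domain.com` and checks it against both names. It assumes the `openssl` CLI (1.1.1 or later) and uses `openssl verify -verify_hostname` as a stand-in for the client library's own check; the function names and the `127.0.0.1` hosts entry are illustrative.

```shell
#!/bin/sh
# Added example (constructed certificate; names taken from the thread).
# Assumes the openssl CLI, version 1.1.1 or later, is on PATH.
CERT_NAME="my-domain.com"   # name inside the server certificate
CONNECT_NAME="localhost"    # name the client would otherwise connect to

# Create a throwaway self-signed certificate for CERT_NAME in directory $1.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$CERT_NAME" -addext "subjectAltName=DNS:$CERT_NAME" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Chain check only: is the certificate in $1 signed by a trusted CA?
# (Self-signed here, so the certificate is its own CA file.)
chain_ok() {
    openssl verify -CAfile "$1/cert.pem" "$1/cert.pem" >/dev/null 2>&1
}

# Chain check plus name check: is the certificate also valid for host $2?
name_ok() {
    openssl verify -CAfile "$1/cert.pem" -verify_hostname "$2" \
        "$1/cert.pem" >/dev/null 2>&1
}

# Print the outcome of connecting under name $2 against the cert in $1.
report() {
    if name_ok "$1" "$2"; then
        echo "$2: name matches certificate, validation passes"
    else
        echo "$2: name mismatch, fails unless TLS_REQCERT allow ignores it"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" || { rm -rf "$dir"; return 1; }
    chain_ok "$dir" && echo "chain: trusted"
    report "$dir" "$CONNECT_NAME"   # the situation in the question
    # Option 1: /etc/hosts line "127.0.0.1 my-domain.com", then connect by
    # that name, e.g. ldapsearch -H ldaps://my-domain.com
    report "$dir" "$CERT_NAME"
    rm -rf "$dir"
}

demo
```

With option 1 the client keeps full validation because the connect name equals the certificate name. With `TLS_REQCERT allow`, ldap.conf(5) states that a bad certificate is ignored and the session proceeds, so the link is encrypted but the server is not authenticated.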