Jason Dusek wrote:
> I'd like to set up LDAP command line tools to point to a server -- say localhost -- that has a certificate with an arbitrary name in it -- say `my-domain.com`.
> I'm not entirely sure how to get my LDAP tools to do that, though -- or if it's possible. By default, OpenLDAP is wound up pretty tight.
You shouldn't use SSL in such an insecure way. I'd recommend listening on localhost in the clear and listening on the external interface with SSL. There's no point in accessing ldaps://localhost except for testing.
slapd -h "ldap://127.0.0.1 ldaps://0.0.0.0"
This doesn't allow using StartTLS extended operation on the external interface though.
Or even better, use ldapsearch -H ldapi:// (preferably with SASL/EXTERNAL bind, -Y EXTERNAL) for local access if the client apps support it.
slapd -h "ldap://127.0.0.1 ldapi:// ldaps://0.0.0.0"
Ciao, Michael.
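A worked example of the ldapi:// plus SASL/EXTERNAL setup recommended above (added here; it is not part of the thread and not OpenLDAP's own documentation). Over a ldapi:// socket slapd authenticates the local process by its Unix credentials, so root binds with -Y EXTERNAL as the identity gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth. The cn=config fragment below maps that identity to the directory's rootdn; cn=admin,dc=example,dc=com is an assumed rootdn and dc=example,dc=com an assumed suffix, so adjust both to your own. It goes one step beyond the reply by showing the authz mapping that makes the local EXTERNAL bind useful for administration rather than only for cn=config.

```ldif
# Added example, not from the thread. Assumes slapd runs with a ldapi://
# listener, e.g.  slapd -h "ldap://127.0.0.1 ldapi:// ldaps://0.0.0.0",
# and that the rootdn of the dc=example,dc=com database is
# cn=admin,dc=example,dc=com (both are assumptions for this example).
#
# Apply as root over the local socket, authenticated by peer credentials:
#   ldapmodify -H ldapi:// -Y EXTERNAL -f authz-root.ldif
#
# Before applying, `ldapwhoami -H ldapi:// -Y EXTERNAL` (run as root) reports
#   dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# afterwards it reports
#   dn:cn=admin,dc=example,dc=com
dn: cn=config
changetype: modify
add: olcAuthzRegexp
# Regex on the left (the + in the SASL DN must be escaped, it is a regex
# metacharacter), replacement DN on the right.
olcAuthzRegexp: gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=admin,dc=example,dc=com
```

Because the mapping keys on uid 0 only, an unprivileged local user who reaches the socket still binds as its own peercred identity and gets whatever the ACLs grant that DN, which is nothing unless you say otherwise; no password or certificate is needed on the loopback path, which is the point of preferring ldapi:// over ldaps://localhost with a mismatched certificate name.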