Hi,
On Monday, 28. May 2012, Michael Ströder wrote:
> > how do the openldap tools technically verify certificates with ldapi:// ?
>
> Which certs do you want to verify?
>
> > With ldapi, you don't have a hostname or IP address, so how do the openldap tools do it?
>
> Are you talking about SASL/EXTERNAL? There are no certs involved at all with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).

Michael's post showed that I did not make myself clear enough. I want to verify server certificates when switching to TLS.

In the end I want to achieve the same as

    ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b ""

I.e.
1) connect via ldapi
2) switch to TLS, requiring the verification of the server certificate to succeed

How does ldapsearch check the server certificate in the absence of a hostname or IP address?

Best,
Peter