--On May 7, 2014 at 4:14:36 PM -0400 "Andrew D. Arenson" aarenson@iu.edu wrote:
> On Tue, May 06, 2014 at 09:45:17PM -0700, Quanah Gibson-Mount wrote:
>> --On May 6, 2014 at 11:26:47 AM -0400 "Andrew D. Arenson" aarenson@iu.edu wrote:
>>> I am trying to understand how an LDAP server's certificate is being verified in the absence of the appropriate CA certificates. I have openldap 2.4.23-34 installed.
>> So I'm guessing you are using RHEL's utterly broken packages for OpenLDAP. I would advise you to get a real, functioning OpenLDAP build, or build OpenLDAP yourself. You can obtain functional builds from Symas or the LTB project.
> It is, indeed, RHEL. Have you got a pointer to info about how they are broken?
They link to a non-standard SSL implementation they linked in themselves, for one, that has serious issues (you can search on that if you like). They ship 2.4.23, which is *years* out of date and has many numerous bugs fixed since then (see the change log on the OpenLDAP website).
It should never be used for a production installation.
--Quanah