Try editing your system-wide ldap.conf(5) file to have:
TLS_REQCERT never
“allow” should also work. Also make sure you have a valid setting for TLS_CACERT (and that the file actually exists and has some contents): if you tell LDAP software not to check validity, the cert path has to be there to be ignored.
On Jan 27, 2016, at 15:18, Timothy Keith timothy.g.keith@gmail.com wrote:
I am using this tutorial : Pass-Trough authentication with SASL http://ltb-project.org/wiki/documentation/general/sasl_delegation
Tim
On Fri, Jan 22, 2016 at 2:38 PM, Timothy Keith timothy.g.keith@gmail.com wrote:
Can you recommend a pass-through tutorial ?
Tim
On Fri, Jan 22, 2016 at 2:22 PM, Sergio NNX sfhacker@hotmail.com wrote:
I am new at LDAP , that is obvious I guess. But, I've been around Unix for 30 years.
The first attempt fails :
ldapwhoami -v -ZZ -Y EXTERNAL ldap_initialize( <DEFAULT> ) ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate
Why do you expect this to work? You failed to supply -H with a valid ldap:// URI.
There seems to be a lack of knowledge and/or understanding of the basics here! There are dozens of good tutorials online about how to setup pass-through authentication using OpenLDAP. This issue shouldn't take more than a couple of days to fix and test. It is over a month now and it hasn't been fixed.
Can you seek advise from a colleague in your office? Can you describe your configuration in more detail?
Cheers.
Ser.