Try editing your system-wide ldap.conf(5) file to have:
TLS_REQCERT never
“allow” should also work. Also make sure you have a valid setting for TLS_CACERT (and that
the file actually exists and has some contents): if you tell LDAP software not to check
validity, the cert path has to be there to be ignored.
On Jan 27, 2016, at 15:18, Timothy Keith
<timothy.g.keith(a)gmail.com> wrote:
I am using this tutorial: Pass-Trough authentication with SASL
http://ltb-project.org/wiki/documentation/general/sasl_delegation
Tim
On Fri, Jan 22, 2016 at 2:38 PM, Timothy Keith
<timothy.g.keith(a)gmail.com> wrote:
> Can you recommend a pass-through tutorial?
>
> Tim
>
> On Fri, Jan 22, 2016 at 2:22 PM, Sergio NNX <sfhacker(a)hotmail.com> wrote:
>>> I am new at LDAP, that is obvious I guess. But, I've been around Unix
>>> for 30 years.
>>
>>>> The first attempt fails:
>>>>
>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>> ldap_initialize( <DEFAULT> )
>>>> ldap_start_tls: Connect error (-11)
>>>> additional info: TLS: hostname does not match CN in peer
>>>> certificate
>>>
>>> Why do you expect this to work? You failed to supply -H with a valid
>>> ldap:// URI.
>>
>> There seems to be a lack of knowledge and/or understanding of the basics
>> here! There are dozens of good tutorials online about how to set up
>> pass-through authentication using OpenLDAP. This issue shouldn't take more
>> than a couple of days to fix and test. It is over a month now and it hasn't
>> been fixed.
>>
>> Can you seek advice from a colleague in your office? Can you describe your
>> configuration in more detail?
>>
>> Cheers.
>>
>> Ser.
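
Added example, not part of the thread: a small audit of an ldap.conf for the two settings discussed in the top reply. It flags TLS_REQCERT levels that relax server certificate verification (never, allow and try, as described in ldap.conf(5)) and a TLS_CACERT path that is missing or empty. The function names and the sample config are constructed for illustration, and the parser assumes a later line overrides an earlier one.

```python
import os

# Levels documented in ldap.conf(5); "demand" (alias "hard") is the default.
WEAK_LEVELS = {
    "never": "server certificate is neither requested nor checked",
    "allow": "a bad server certificate is ignored and the session proceeds",
    "try": "a server that presents no certificate is accepted",
}
STRICT_LEVELS = {"demand", "hard"}

def parse_ldap_conf(text):
    """Map OPTION -> value. Option names are case-insensitive and lines that
    start with '#' are comments. Assumption: a later line overrides an earlier one."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        options[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return options

def audit_ldap_conf(text):
    """Return a list of findings for the TLS settings discussed in the thread."""
    options = parse_ldap_conf(text)
    findings = []
    level = options.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_LEVELS:
        findings.append(f"TLS_REQCERT {level}: {WEAK_LEVELS[level]}")
    elif level not in STRICT_LEVELS:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    ca_file = options.get("TLS_CACERT")
    if ca_file is None:
        if "TLS_CACERTDIR" not in options:
            findings.append("no TLS_CACERT or TLS_CACERTDIR configured")
    elif not os.path.isfile(ca_file):
        findings.append(f"TLS_CACERT {ca_file}: file does not exist")
    elif os.path.getsize(ca_file) == 0:
        findings.append(f"TLS_CACERT {ca_file}: file is empty")
    return findings

if __name__ == "__main__":
    # Constructed sample: the workaround from the thread with a placeholder CA path.
    sample = ("# constructed sample\nURI ldap://ldap.example.org\n"
              "TLS_REQCERT never\nTLS_CACERT /nonexistent/ca.pem\n")
    for finding in audit_ldap_conf(sample):
        print("FINDING:", finding)
```

Per-user ldaprc files and LDAP-prefixed environment variables can set the same options, so a clean system-wide file does not rule out a weaker setting elsewhere.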