Set environment variables.
export LDAPTLS_REQCERT=allow
or
LDAPTLS_REQCERT=allow ldapsearch ...
If neither of those works, specify a specific LDAPRC with:
export LDAPRC=somefile.conf
or
LDAPRC=somefile.conf ldapsearch ...
On Wed, Oct 9, 2013 at 11:12 AM, Jared list-389@legroom.net wrote:
but I can. As I mentioned in my original post, adding this to ~/.ldaprc or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:
HOST server.domain.com
PORT 636
TLS_REQCERT allow
The problem is with applying this configuration to the one host while still setting my default configuration for SASL certificate-based authentication to everything else. How do I do that?
Or, to ask the question differently, forget the fact that I'm dealing with an invalid cert. There's no need to get hung up on that detail. I have one ldaprc configuration that I need to define for a host, and a default ldaprc configuration I need to define for all other hosts. How do I make them work together?
-- Jared
On 10/09/2013 01:06 PM, Michael Ströder wrote:
Jared wrote:
expired and self-signed.
You cannot work around expired certs. But in case of self-signed certs you can put them into trusted CA certs file.
Ciao, Michael.
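
One way to script the per-command LDAPRC approach from the top of this thread, as an added example that is not part of any poster's message. The file name ldaprc-legacy and the function names are hypothetical; the host and settings are the ones quoted above.

```shell
#!/bin/sh
# Added example. Host name and settings are the ones quoted in the thread;
# the file name "ldaprc-legacy" and all function names are hypothetical.

# Print the LDAPRC file name for hosts that need their own settings.
# Prints nothing for every other host, which keeps the default config.
ldaprc_for_host() {
    case "$1" in
        server.domain.com) printf '%s\n' "ldaprc-legacy" ;;
    esac
}

# Create the per-host file with the settings from the thread, if missing.
# libldap looks LDAPRC up by name in $HOME or the current directory.
write_host_rc() {
    if [ ! -f "$1" ]; then
        printf '%s\n' 'HOST server.domain.com' 'PORT 636' \
            'TLS_REQCERT allow' > "$1"
    fi
}

# Run a command with LDAPRC set for that one process only. For other hosts
# an inherited LDAPRC is cleared so the relaxed setting cannot leak.
run_for_host() {
    host="$1"
    shift
    rc=$(ldaprc_for_host "$host")
    if [ -n "$rc" ]; then
        write_host_rc "$HOME/$rc"
        LDAPRC="$rc" "$@"
    else
        ( unset LDAPRC; "$@" )
    fi
}

# Usage: run_for_host server.domain.com ldapsearch ...
```

Because the variable is set on the command line of one process rather than exported, TLS_REQCERT allow applies only to the listed host and the default ~/.ldaprc keeps governing everything else.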