Set environment variables.

export LDAPTLS_REQCERT=allow


LDAPTLS_REQCERT=allow ldapsearch ...

If neither of those works, specify a specific LDAPRC with:

export LDAPRC=somefile.conf


LDAPRC=somefile.conf ldapsearch ...

but I can.  As I mentioned in my original post, adding this to ~/.ldaprc
or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:

PORT 636

The problem is with applying this configuration to the one host while
still setting my default configuration for SASL certificate-based
authentication to everything else.  How do I do that?

Or, to ask the question differently, forget the fact that I'm dealing
with an invalid cert.  There's no need to get hung up on that detail.
I have one ldaprc configuration that I need to define for a host, and a
default ldaprc configuration I need to define for all other hosts.  How
do I make them work together?


>> expired and self-signed.
> You cannot work around expired certs. But in case of self-signed certs you can
> put them into trusted CA certs file.
> Ciao, Michael.
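
Added example, not part of the thread: one way to scope a TLS exception to a single host is a small wrapper that sets the per-command environment overrides shown above only when a pinned certificate file exists for that host, trusting the self-signed certificate through LDAPTLS_CACERT instead of relaxing LDAPTLS_REQCERT. The directory LDAP_PIN_DIR, the function names and the host names are assumptions made for illustration.

```sh
#!/bin/sh
# Hypothetical layout: $LDAP_PIN_DIR/<hostname>.pem holds the self-signed
# certificate of the one host that needs an exception. All other hosts
# keep whatever ~/.ldaprc and ldap.conf already define.
LDAP_PIN_DIR="${LDAP_PIN_DIR:-$HOME/.ldap-pins}"

# Print the host part of an LDAP URI (scheme, port and DN stripped).
# Bracketed IPv6 literals are not handled in this sketch.
ldap_uri_host() {
    h=${1#*://}     # drop "ldaps://"
    h=${h%%/*}      # drop anything after the authority
    h=${h%%:*}      # drop ":636"
    printf '%s\n' "$h"
}

# Print the pinned certificate path for a URI, or nothing if the host
# has no pin. Names with unexpected characters never match a pin.
ldap_pin_for() {
    host=$(ldap_uri_host "$1")
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) return 0 ;;
    esac
    if [ -f "$LDAP_PIN_DIR/$host.pem" ]; then
        printf '%s\n' "$LDAP_PIN_DIR/$host.pem"
    fi
}

# Usage: ldapsearch_host ldaps://host:636 [ldapsearch arguments...]
ldapsearch_host() {
    uri=$1
    shift
    pin=$(ldap_pin_for "$uri")
    if [ -n "$pin" ]; then
        # The variables apply to this one command only; certificate
        # checking stays strict, with the pinned file as the trust anchor.
        LDAPTLS_CACERT="$pin" LDAPTLS_REQCERT=demand \
            ldapsearch -H "$uri" "$@"
    else
        ldapsearch -H "$uri" "$@"
    fi
}
```

Environment variables of the form LDAP<option> override the values read from ldap.conf and ldaprc files, so the defaults for every other host are left untouched.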