Set environment variables.

export LDAPTLS_REQCERT=allow

or

LDAPTLS_REQCERT=allow ldapsearch ...

If neither of those work, specify a specific LDAPRC with:

export LDAPRC=somefile.conf

or

LDAPRC=somefile.conf ldapsearch ...


On Wed, Oct 9, 2013 at 11:12 AM, Jared <list-389@legroom.net> wrote:
but I can.  As I mentioned in my original post, adding this to ~/.ldaprc
or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:

HOST server.domain.com
PORT 636
TLS_REQCERT allow

The problem is with applying this configuration to the one host while
still setting my default configuration for SASL certificate-based
authentication to everything else.  How do I do that?

or, to ask the question differently, forget the fact that I'm dealing
with an invalid cert.  There's no need to to get hung up on that detail.
 I have one ldaprc configuration that I need to define for a host, and a
default ldaprc configuration I need to define for all other hosts.  How
do I make them work together?

--
Jared

On 10/09/2013 01:06 PM, Michael Ströder wrote:
> Jared wrote:
>> expired and self-signed.
>
> You cannot work around expired certs. But in case of self-signed certs you can
> put them into trusted CA certs file.
>
> Ciao, Michael.
>