Jared wrote:
but I can. As I mentioned in my original post, adding this to ~/.ldaprc or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:
HOST server.domain.com
PORT 636
TLS_REQCERT allow
The problem is with applying this configuration to the one host while still setting my default configuration for SASL certificate-based authentication to everything else. How do I do that?
Or, to ask the question differently, forget the fact that I'm dealing with an invalid cert. There's no need to get hung up on that detail. I have one ldaprc configuration that I need to define for a host, and a default ldaprc configuration I need to define for all other hosts. How do I make them work together?
You want to use OpenLDAP command-line tools?
Why don't you just set env var LDAPCONF to the config file you need?
You could also override certain configuration items by setting the accompanying env var.
Ciao, Michael.
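
One way to apply the LDAPCONF suggestion above so that the relaxed TLS_REQCERT setting stays scoped to the single host that needs it. This is an added example, not code from the thread or from OpenLDAP; the ~/.ldap.d/<host>.conf layout and the function names are assumptions.

```shell
#!/bin/sh
# Assumed layout (hypothetical): one override file per host, e.g.
#   ~/.ldap.d/server.domain.com.conf  containing the TLS_REQCERT allow setting.
# Hosts without a file keep the normal ldap.conf / ~/.ldaprc defaults.
LDAP_HOSTCONF_DIR="${LDAP_HOSTCONF_DIR:-$HOME/.ldap.d}"

# Print the override file for a host; print nothing if the host has none.
# Returns 1 for anything that is not a plain hostname, so the name can
# never be used to point LDAPCONF at a file outside the directory.
ldap_conf_for_host() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$host" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    conf="$LDAP_HOSTCONF_DIR/$host.conf"
    [ -r "$conf" ] && printf '%s\n' "$conf"
    return 0
}

# Run an OpenLDAP client tool, exporting LDAPCONF for that one process
# only when the host has an override file.
# Usage: ldap_for_host <host> <tool> [tool arguments...]
ldap_for_host() {
    host=$1; tool=$2; shift 2
    conf=$(ldap_conf_for_host "$host") || {
        echo "refusing unexpected host name: $host" >&2
        return 2
    }
    if [ -n "$conf" ]; then
        LDAPCONF="$conf" "$tool" "$@"
    else
        "$tool" "$@"
    fi
}

# Example call (needs the OpenLDAP client tools installed):
#   ldap_for_host server.domain.com ldapsearch -H ldaps://server.domain.com -b '' -s base
```

Because LDAPCONF is set only in the environment of the one command, the weaker certificate check never leaks into other LDAP connections made from the same shell. See ldap.conf(5) for how the LDAPCONF file combines with ~/.ldaprc and the LDAP* variables.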