It's a default for TLS. I got it.
On Monday, September 9, 2019, 8:56:25 AM EDT, Paul Pathiakis pathiaki2@yahoo.com wrote:
Hi,

Something is amiss and I decided to rebuild from the start.

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on

#TLS_CACERT /etc/openldap/cacert.pem
#TLSCACertificateFile /etc/openldap/cacert.pem
#TLSCertificateFile /etc/openldap/server.crt
#TLSCertificateKeyFile /etc/openldap/private.key
ssl start_tls
TLS_REQCERT allow
BASE dc=joescompany,dc=com
URI ldap://127.0.0.1/

I start the ldap server and go to see if everything is ok.

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=joescompany,dc=com
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Should that second line even be there? Where in the world is it getting my-domain from? Is it a default?

Thank you,
P.