It's a default for TLS.  I got it.



On Monday, September 9, 2019, 8:56:25 AM EDT, Paul Pathiakis <pathiaki2@yahoo.com> wrote:


Hi,

Something is amiss and I decided to rebuild from the start.

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

#TLS_CACERT /etc/openldap/cacert.pem
#TLSCACertificateFile /etc/openldap/cacert.pem
#TLSCertificateFile /etc/openldap/server.crt
#TLSCertificateKeyFile /etc/openldap/private.key

ssl             start_tls
TLS_REQCERT     allow
BASE dc=joescompany,dc=com
URI ldap://127.0.0.1/

I start the ldap server and go to see if everything is ok.

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=joescompany,dc=com
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Should that second line even be there?  Where in the world is it getting my-domain from?

Is it a default?

Thank you,

P.