Hallvard B Furuseth wrote:
> Roberto Aguilar writes:
>> Setting TLS_CACERT to the server's CA certificate allows the
>> connection to go through, but that is not feasible as I need to
>> connect to servers with different CAs.
>>
>> I tried looking through ldapsearch.c to find the secret sauce to get
>> this to work, but was not successful. Can someone point me in the
>> right direction.
>
> libldap handles it for ldapsearch. If you mean you want to set the
> CA cert by hand in the program, use
>     rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "<CA cert filename>");

Also, as noted in the Admin Guide, you can place multiple CA certs in a single
file, and you typically need to do this on clients anyway.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
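
The single-file approach mentioned in the reply, as an added example that is not part of the original thread or of OpenLDAP: a shell function that merges several PEM CA certificates into one bundle, which can then be named in TLS_CACERT or passed as LDAP_OPT_X_TLS_CACERTFILE. The function names, file names and certificate bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example; file names and certificate bodies are constructed placeholders.

# Print the number of certificate blocks in a PEM file (0 if unreadable).
count_certs() {
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# build_ca_bundle OUT CA1.pem [CA2.pem ...]
# Writes OUT only if every input is a well-formed PEM CA file.
build_ca_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        begins=$(count_certs "$f")
        ends=$(grep -c '^-----END CERTIFICATE-----' "$f" 2>/dev/null || true)
        if [ "$begins" -eq 0 ] || [ "$begins" -ne "${ends:-0}" ]; then
            echo "refusing $f: no complete PEM certificate found" >&2
            rm -f "$tmp"; return 1
        fi
        # A trust bundle is copied to every client; it must never hold a key.
        if grep -q 'PRIVATE KEY-----' "$f"; then
            echo "refusing $f: contains a private key" >&2
            rm -f "$tmp"; return 1
        fi
        # Copy only the certificate blocks, strip CRs, and end every line with
        # a newline so END/BEGIN markers of adjacent files never fuse.
        awk '/^-----BEGIN CERTIFICATE-----/ {p=1}
             p {sub(/\r$/, ""); print}
             /^-----END CERTIFICATE-----/ {p=0}' "$f" >> "$tmp"
    done
    mv "$tmp" "$out"
}

# Demo on two constructed placeholder files (not real certificates).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQx' \
        '-----END CERTIFICATE-----' > "$d/ca-one.pem"
    # Second file deliberately lacks a trailing newline.
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQy' \
        '-----END CERTIFICATE-----' > "$d/ca-two.pem"
    build_ca_bundle "$d/bundle.pem" "$d/ca-two.pem" "$d/ca-one.pem" || return 1
    count_certs "$d/bundle.pem"
    rm -rf "$d"
}
demo
```

The bundle should contain only the CAs the client is meant to trust, since every certificate in it becomes a trust anchor for all servers the client connects to.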