On Friday 11 April 2008 01:42:30 Jason Dusek wrote:
> I'd like to set up LDAP command line tools to point to a server
> -- say localhost -- that has a certificate with an arbitrary
> name in it -- say `my-domain.com`.
>
> I'm not entirely sure how to my LDAP tools to do that, though
> -- or if it's possible. By default, OpenLDAP is wound up pretty
> tight.

Either:

1) Add an entry to /etc/hosts so that the name on the certificate resolves to the correct IP address, and always use the name on any connection where you want certificate validation

or

2) Add TLS_REQCERT allow to the OpenLDAP ldap.conf.

If you are using anything besides OpenLDAP software (nss_ldap, pam_ldap) be aware that their configuration is not identical ...

Regards,
Buchan
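
The two options in the reply leave a client in different states: with option 1 the certificate is still checked against the name, while with `TLS_REQCERT allow` a bad certificate is ignored and the session proceeds. The script below is an added example, not part of the original thread, that reports which state a given pair of files puts a client in. The function names and sample files are constructed for illustration, and it reads only the files passed to it (not `~/.ldaprc` or the `LDAPTLS_REQCERT` environment variable).

```shell
#!/bin/sh
# Added example (not from the original post). Sample files below are constructed.

# Print the TLS_REQCERT level from an ldap.conf-style file. Keywords are
# case-insensitive; "demand" is the OpenLDAP default when the option is unset.
# Assumption: if the option is repeated, the last occurrence is reported.
reqcert_level() {
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { print (v == "" ? "demand" : v) }' "$1"
}

# Succeed if NAME ($2) is a hostname or alias on a non-comment line of hosts file $1.
hosts_has_name() {
    awk -v n="$2" '{ sub(/#.*/, "")
                     for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
                   END { exit !found }' "$1"
}

# Classify a client: args are ldap.conf path, hosts path, name on the certificate.
audit_ldap_client() {
    case "$(reqcert_level "$1")" in
        never|allow) echo "unverified"; return 0 ;;   # option 2: a bad certificate is accepted
    esac
    if hosts_has_name "$2" "$3"; then
        echo "validated-by-name"                      # option 1: name resolves locally, checks stay on
    else
        echo "name-not-in-hosts"                      # checks on, but the name must resolve elsewhere
    fi
}

# Constructed sample files for the two options.
demo=$(mktemp -d)
printf '127.0.0.1 localhost my-domain.com\n' > "$demo/hosts.opt1"
printf '127.0.0.1 localhost\n'               > "$demo/hosts.plain"
printf 'URI ldap://my-domain.com\n'          > "$demo/ldap.conf.opt1"
printf '# relaxed\nTLS_REQCERT allow\n'      > "$demo/ldap.conf.opt2"

audit_ldap_client "$demo/ldap.conf.opt1" "$demo/hosts.opt1" my-domain.com
audit_ldap_client "$demo/ldap.conf.opt2" "$demo/hosts.plain" my-domain.com
```
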
