On Mon, 28 May 2012, Philip Guenther wrote:
> If no path is specified (e.g., "ldapi://") then the checking code is
> passed a hostname of "localhost".

...which then remaps that to the local hostname (if available) for the actual check.

Huh. So for any URI that doesn't specify a host component, be it "ldapi://" or "ldap://" or "ldaps://", the OpenLDAP tools will connect to the default 'host' for the scheme, be it "/var/run/ldapi" or "localhost", but for StartTLS they'll match the server cert against the *hostname*. I did not expect that, though I can see how it can be justified.

Philip Guenther
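
An added example, not OpenLDAP's own code and not part of the thread, to make the behaviour described above concrete: a small Python model that takes an LDAP URI, returns the default connect target for its scheme when no host component is given, and separately returns the name the client would match against the server certificate, with "localhost" remapped to the local hostname. The default socket path "/var/run/ldapi", the default ports, the `local_hostname` parameter (so the remap can be pinned in a test) and the simplified name-matching rules are assumptions for illustration; real builds and the real TLS matching code differ.

```python
"""Model of "connect target vs. certificate-check hostname" for LDAP URIs.

Added example, not OpenLDAP code. Defaults below are assumptions.
"""
import socket
from urllib.parse import unquote, urlsplit

# Assumed per-scheme defaults used when the URI carries no host component.
# The ldapi socket path is taken from the message and varies across builds.
DEFAULT_CONNECT = {
    "ldap": ("localhost", 389),
    "ldaps": ("localhost", 636),
    "ldapi": ("/var/run/ldapi", None),
}


def connect_target(uri):
    """Return (host_or_socket_path, port) the client would connect to."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_CONNECT:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if scheme == "ldapi":
        # For ldapi the "host" is a percent-encoded Unix socket path.
        path = unquote(parts.netloc) if parts.netloc else DEFAULT_CONNECT[scheme][0]
        return (path, None)
    host = parts.hostname or DEFAULT_CONNECT[scheme][0]
    port = parts.port or DEFAULT_CONNECT[scheme][1]
    return (host, port)


def tls_check_hostname(uri, local_hostname=None):
    """Return the name matched against the server certificate for StartTLS.

    Per the discussion: a URI with no host component is checked as
    "localhost", which is then remapped to the local hostname when one is
    available. local_hostname is an assumed hook so callers can pin it.
    """
    scheme = urlsplit(uri).scheme.lower()
    if scheme == "ldapi":
        name = "localhost"          # socket path is not a hostname
    else:
        name, _ = connect_target(uri)
    if name == "localhost":
        if local_hostname is None:
            try:
                local_hostname = socket.gethostname()
            except OSError:
                local_hostname = None  # "if available": keep "localhost"
        if local_hostname:
            name = local_hostname
    return name


def cert_matches(uri, cert_names, local_hostname=None):
    """Simplified check: exact or single leftmost-wildcard match of the
    expected name against the certificate's DNS names (assumed rules,
    case-insensitive, no IP-address handling)."""
    expected = tls_check_hostname(uri, local_hostname).lower()
    for name in cert_names:
        name = name.lower()
        if name == expected:
            return True
        if name.startswith("*.") and "." in expected:
            if expected.split(".", 1)[1] == name[2:]:
                return True
    return False


if __name__ == "__main__":
    for u in ("ldapi://", "ldap://", "ldaps://", "ldap://ldap.example.com:10389/"):
        print(u, "->", connect_target(u), "cert name:", tls_check_hostname(u))
```

The practical consequence the model shows: a certificate issued for "localhost" does not satisfy a client that connected via a host-less "ldap://" URI, because the name being checked is the machine's own hostname, not the literal the client connected to.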
