Set environment variables.

export LDAPTLS_REQCERT=allow

or

LDAPTLS_REQCERT=allow ldapsearch ...

If neither of those works, specify a specific LDAPRC with:

export LDAPRC=somefile.conf

or

LDAPRC=somefile.conf ldapsearch ...

On Wed, Oct 9, 2013 at 11:12 AM, Jared <[email protected]> wrote:
> but I can. As I mentioned in my original post, adding this to ~/.ldaprc
> or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:
>
> HOST server.domain.com
> PORT 636
> TLS_REQCERT allow
>
> The problem is with applying this configuration to the one host while
> still setting my default configuration for SASL certificate-based
> authentication to everything else. How do I do that?
>
> or, to ask the question differently, forget the fact that I'm dealing
> with an invalid cert. There's no need to get hung up on that detail.
> I have one ldaprc configuration that I need to define for a host, and a
> default ldaprc configuration I need to define for all other hosts. How
> do I make them work together?
>
> --
> Jared
>
> On 10/09/2013 01:06 PM, Michael Ströder wrote:
> > Jared wrote:
> >> expired and self-signed.
> >
> > You cannot work around expired certs. But in case of self-signed certs you can
> > put them into trusted CA certs file.
> >
> > Ciao, Michael.
> >
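
Added example, not part of the original message: a shell wrapper that sets LDAPRC for a single ldapsearch invocation only when the target is the one exceptional host, so the relaxed TLS setting never becomes the default for other servers. The function names and the profile file name `ldaprc.legacy` are hypothetical; per ldap.conf(5), LDAPRC names a file looked up in the home or current working directory.

```shell
#!/bin/sh
# Added example. Function names and "ldaprc.legacy" are hypothetical.
# The profile file (e.g. $HOME/ldaprc.legacy) would hold only the per-host
# overrides from the thread (TLS_REQCERT allow), or a TLS_CACERT line that
# trusts the server's self-signed certificate instead.

# Print the server host named by ldapsearch-style arguments:
# "-H <URI>" or the older "-h <host>". Bracketed IPv6 literals are not handled.
ldap_target_host() {
    host=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -H|-h)
                [ $# -ge 2 ] || break          # option given without a value
                if [ "$1" = "-H" ]; then
                    rest=${2#*://}             # drop the scheme
                    rest=${rest%%/*}           # drop anything after the authority
                    host=${rest%%:*}           # drop the port
                else
                    host=$2
                fi
                shift ;;
        esac
        shift
    done
    printf '%s\n' "$host"
}

# Map a host to its profile file name; empty output means "use the defaults".
ldap_profile_for() {
    case "$1" in
        server.domain.com) printf '%s\n' "ldaprc.legacy" ;;
        *)                 printf '\n' ;;
    esac
}

# Run ldapsearch with LDAPRC set for this one command only when the target
# host has a profile; every other host gets the unmodified default config.
ldapsearch_scoped() {
    profile=$(ldap_profile_for "$(ldap_target_host "$@")")
    if [ -n "$profile" ]; then
        LDAPRC="$profile" ldapsearch "$@"
    else
        ldapsearch "$@"
    fi
}
```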
