Try editing your system-wide ldap.conf(5) file to have:
TLS_REQCERT never
“allow” should also work. Also make sure you have a valid setting for
TLS_CACERT (and that the file actually exists and has some contents): if you
tell LDAP software not to check validity, the cert path has to be there to be
ignored.
> On Jan 27, 2016, at 15:18, Timothy Keith <[email protected]> wrote:
>
> I am using this tutorial: Pass-Trough authentication with SASL
> http://ltb-project.org/wiki/documentation/general/sasl_delegation
>
> Tim
>
> On Fri, Jan 22, 2016 at 2:38 PM, Timothy Keith
> <[email protected]> wrote:
>> Can you recommend a pass-through tutorial?
>>
>> Tim
>>
>> On Fri, Jan 22, 2016 at 2:22 PM, Sergio NNX <[email protected]> wrote:
>>>> I am new at LDAP, that is obvious I guess. But, I've been around Unix
>>>> for 30 years.
>>>
>>>>> The first attempt fails:
>>>>>
>>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>> ldap_initialize( <DEFAULT> )
>>>>> ldap_start_tls: Connect error (-11)
>>>>> additional info: TLS: hostname does not match CN in peer
>>>>> certificate
>>>>
>>>> Why do you expect this to work? You failed to supply -H with a valid
>>>> ldap:// URI.
>>>
>>> There seems to be a lack of knowledge and/or understanding of the basics
>>> here! There are dozens of good tutorials online about how to set up
>>> pass-through authentication using OpenLDAP. This issue shouldn't take more
>>> than a couple of days to fix and test. It is over a month now and it hasn't
>>> been fixed.
>>>
>>> Can you seek advice from a colleague in your office? Can you describe your
>>> configuration in more detail?
>>>
>>> Cheers.
>>>
>>> Ser.
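
The hostname check behind the "hostname does not match CN in peer certificate" error quoted above, as an added example that is not part of the original thread: it tests whether the host part of an ldap:// URI is a name the server certificate is valid for. It assumes openssl(1) is installed; ldap.example.com, the throwaway certificate and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose "TLS: hostname does not match CN in peer certificate".
# Assumptions: openssl(1) is available; ldap.example.com and the generated
# certificate are constructed sample values, not taken from the thread.

# make_sample_cert DIR CN: write a throwaway self-signed cert to DIR/cert.pem
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# uri_host URI: print the host part of an ldap:// or ldaps:// URI
# (hostnames and IPv4 only; bracketed IPv6 literals are not handled)
uri_host() {
    h=${1#*://}     # drop the scheme
    h=${h%%/*}      # drop any path or DN
    h=${h%%:*}      # drop the port
    printf '%s\n' "$h"
}

# cert_matches_host CERT HOST: succeed only if CERT is valid for HOST.
# openssl prints "does match" or "does NOT match", so the text is tested.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# check_uri CERT URI: report whether the URI's host is a name in CERT
check_uri() {
    host=$(uri_host "$2")
    if cert_matches_host "$1" "$host"; then
        echo "OK: $host matches the certificate"
    else
        echo "MISMATCH: $host is not a name in the certificate"
        return 1
    fi
}

# Demo on a constructed certificate issued to ldap.example.com
tmp=$(mktemp -d)
make_sample_cert "$tmp" ldap.example.com
check_uri "$tmp/cert.pem" ldap://localhost || true      # reports MISMATCH
check_uri "$tmp/cert.pem" ldap://ldap.example.com:389   # reports OK
rm -rf "$tmp"
```

To run the same check against a real server, save its certificate to a PEM file first (for example from the output of openssl s_client with -starttls ldap) and pass that file to check_uri together with the URI given to -H.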