--On Tuesday, June 21, 2022 11:29 PM -0700 radiatejava <[email protected]> wrote:

I raised the issue https://bugs.openldap.org/show_bug.cgi?id=9869 but
it has been set to verified/invalid state now. However, I do not know
which version addresses the issue. Can anyone tell me which version
would still verify the hostname when doing LDAP over TLS?

The OpenLDAP 2.4 series is historic; no bug reports for it will be considered.

No changes have been made to OpenLDAP 2.4 series to disable hostname verification by the OpenLDAP project. If you are using libraries provided by downstream distributions, they may have made unauthorized changes to how libldap functions in regard to TLS. Additionally, if you were using an OpenSSL-linked libldap and are now using a GnuTLS-linked libldap, then some behaviors are different as documented in the man pages.

Generally I'd advise starting with a supported version of OpenLDAP.

Regards,
Quanah


