[Date Prev][Date Next]
Re: insecure, convenient use of SSL
On Friday 11 April 2008 01:42:30 Jason Dusek wrote:
> I'd like to set up LDAP command line tools to point to a server
> -- say localhost -- that has a certificate with an arbitrary
> name in it -- say `my-domain.com`.
> I'm not entirely sure how to my LDAP tools to do that, though
> -- or if it's possible. By default, OpenLDAP is wound up pretty
1)Add an entry to /etc/hosts so that the name on the certificate resolves to
the correct IP address, and always use the name on any connection where you
want certificate validation
to the OpenLDAP ldap.conf. If you are using anything besides OpenLDAP software
(nss_ldap,pam_ldap) be aware that their configuration is not identical ...