[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do tool verify certs with ldapi:// ?


On Monday, 28. May 2012, Michael StrÃder wrote:
> > how do the openldap tools technically verfify certificates with ldapi://
> > ?
> Which certs do you want to verify?
> > With ldapi, you don't have a hostname or IP address, so how do the
> > openldap tools do it?
> Are you talking about SASL/EXTERNAL? There are no certs involved at all
> with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).

Michaels post showed that I did not make myself clear enough.
I want to verify server certificates when switching to TLS

In the end I want to achieve the same as
   ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b ""
1) connect via ldapi
2) switch to TLS with reuiring the verification of the server certificate to 

How does ldapsearch check the server certificate in the absence of a hostname 
or IP address?


Peter Marschall