[Date Prev][Date Next]
Re: How do tool verify certs with ldapi:// ?
On Monday, 28. May 2012, Michael StrÃder wrote:
> > how do the openldap tools technically verfify certificates with ldapi://
> > ?
> Which certs do you want to verify?
> > With ldapi, you don't have a hostname or IP address, so how do the
> > openldap tools do it?
> Are you talking about SASL/EXTERNAL? There are no certs involved at all
> with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).
Michaels post showed that I did not make myself clear enough.
I want to verify server certificates when switching to TLS
In the end I want to achieve the same as
ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b ""
1) connect via ldapi
2) switch to TLS with reuiring the verification of the server certificate to
How does ldapsearch check the server certificate in the absence of a hostname
or IP address?