
Re: How do tool verify certs with ldapi:// ?



Hi,

On Monday, 28. May 2012, Michael Ströder wrote:
> > how do the openldap tools technically verify certificates with ldapi://
> > ?
> Which certs do you want to verify?
> 
> > With ldapi, you don't have a hostname or IP address, so how do the
> > openldap tools do it?
> 
> Are you talking about SASL/EXTERNAL? There are no certs involved at all
> with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).

Michael's post showed that I did not make myself clear enough.
I want to verify server certificates when switching to TLS.

In the end I want to achieve the same as
   ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b ""
I.e.
1) connect via ldapi
2) switch to TLS with requiring the verification of the server certificate to
succeed

How does ldapsearch check the server certificate in the absence of a hostname 
or IP address?

Best
Peter

-- 
Peter Marschall
peter@adpm.de