[Date Prev][Date Next]
Re: How do tool verify certs with ldapi:// ?
On Mon, 28 May 2012, Philip Guenther wrote:
> If no path is specified (e.g., "ldapi://") then the checking code is
> passed a hostname of "localhost".
...which then remaps that to the local hostname (if available) for the
Huh. So for any URI that doesn't specify a host component, be it
"ldapi://" or "ldap://" or "ldaps://", the OpenLDAP tools will connect to
the default 'host' for the schema, be it "/var/run/ldpai" or "localhost",
but for StartTLS they'll match the server cert against the *hostname*.
I did not expect that, though I can see how it can be justified.