Quanah Gibson-Mount wrote:
Attempting to connect via ldapsearch to ldap://127.0.0.1 and initiate startTLS will fail, as the IP gets mapped to "localhost", and then the FQDN check fails.

Yes, this is a bug. Especially since the mapping to "localhost" does not have a trustable source for this mapping.
Bah, never mind. I had a runaway slapd with old cert info running. It does work in this scenario correctly.
--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>