Jared wrote: > but I can. As I mentioned in my original post, adding this to ~/.ldaprc > or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine: > > HOST server.domain.com > PORT 636 > TLS_REQCERT allow > > The problem is with applying this configuration to the one host while > still setting my default configuration for SASL certificate-based > authentication to everything else. How do I do that? > > or, to ask the question differently, forget the fact that I'm dealing > with an invalid cert. There's no need to to get hung up on that detail. > I have one ldaprc configuration that I need to define for a host, and a > default ldaprc configuration I need to define for all other hosts. How > do I make them work together? You want to use OpenLDAP command-line tools? Why don't you just set env var LDAPCONF to the config file you need? You could also override certain configuration items by setting the accompanying env var. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature