[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How do tool verify certs with ldapi:// ?
Hi,
On Monday, 28. May 2012, Michael StrÃder wrote:
> > how do the openldap tools technically verfify certificates with ldapi://
> > ?
> Which certs do you want to verify?
>
> > With ldapi, you don't have a hostname or IP address, so how do the
> > openldap tools do it?
>
> Are you talking about SASL/EXTERNAL? There are no certs involved at all
> with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).
Michaels post showed that I did not make myself clear enough.
I want to verify server certificates when switching to TLS
In the end I want to achieve the same as
ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b ""
I.e.
1) connect via ldapi
2) switch to TLS with reuiring the verification of the server certificate to
succeed
How does ldapsearch check the server certificate in the absence of a hostname
or IP address?
Best
PEter
--
Peter Marschall
peter@adpm.de