Re: How do tool verify certs with ldapi:// ?

[Philip Guenther <guenther+ldaptech@sendmail.com>]

On Mon, 28 May 2012, Philip Guenther wrote:
> If no path is specified (e.g., "ldapi://") then the checking code is 
> passed a hostname of "localhost".

...which then remaps that to the local hostname (if available) for the 
actual check.

Huh.  So for any URI that doesn't specify a host component, be it 
"ldapi://" or "ldap://"; or "ldaps://", the OpenLDAP tools will connect to 
the default 'host' for the schema, be it "/var/run/ldpai" or "localhost", 
but for StartTLS they'll match the server cert against the *hostname*.

I did not expect that, though I can see how it can be justified.


Philip Guenther