Hi, On Monday, 28. May 2012, Michael Ströder wrote: > > how do the openldap tools technically verfify certificates with ldapi:// > > ? > Which certs do you want to verify? > > > With ldapi, you don't have a hostname or IP address, so how do the > > openldap tools do it? > > Are you talking about SASL/EXTERNAL? There are no certs involved at all > with ldapi:// (see http://tools.ietf.org/html/draft-chu-ldap-ldapi-00).
Michaels post showed that I did not make myself clear enough. I want to verify server certificates when switching to TLS In the end I want to achieve the same as ldapsearch -LLL -x -H ldapi:/// -ZZ -s base -b "" I.e. 1) connect via ldapi 2) switch to TLS with reuiring the verification of the server certificate to succeed How does ldapsearch check the server certificate in the absence of a hostname or IP address? Best PEter -- Peter Marschall pe...@adpm.de