but I can. As I mentioned in my original post, adding this to ~/.ldaprc or /etc/openldap/ldap.conf makes ldapsearch work perfectly fine:
HOST server.domain.com PORT 636 TLS_REQCERT allow The problem is with applying this configuration to the one host while still setting my default configuration for SASL certificate-based authentication to everything else. How do I do that? or, to ask the question differently, forget the fact that I'm dealing with an invalid cert. There's no need to to get hung up on that detail. I have one ldaprc configuration that I need to define for a host, and a default ldaprc configuration I need to define for all other hosts. How do I make them work together? -- Jared On 10/09/2013 01:06 PM, Michael Ströder wrote: > Jared wrote: >> expired and self-signed. > > You cannot work around expired certs. But in case of self-signed certs you can > put them into trusted CA certs file. > > Ciao, Michael. >
