Try editing your system-wide ldap.conf(5) file to have:

TLS_REQCERT never

“allow” should also work. Also make sure you have a valid setting for TLS_CACERT (and that the file actually exists and has some contents): if you tell LDAP software not to check validity, the cert path has to be there to be ignored.

> On Jan 27, 2016, at 15:18, Timothy Keith <timothy.g.ke...@gmail.com> wrote:
>
> I am using this tutorial : Pass-Trough authentication with SASL
> http://ltb-project.org/wiki/documentation/general/sasl_delegation
>
> Tim
>
> On Fri, Jan 22, 2016 at 2:38 PM, Timothy Keith
> <timothy.g.ke...@gmail.com> wrote:
>> Can you recommend a pass-through tutorial ?
>>
>> Tim
>>
>> On Fri, Jan 22, 2016 at 2:22 PM, Sergio NNX <sfhac...@hotmail.com> wrote:
>>>> I am new at LDAP , that is obvious I guess. But, I've been around Unix
>>>> for 30 years.
>>>
>>>>> The first attempt fails :
>>>>>
>>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>> ldap_initialize( <DEFAULT> )
>>>>> ldap_start_tls: Connect error (-11)
>>>>> additional info: TLS: hostname does not match CN in peer
>>>>> certificate
>>>>
>>>> Why do you expect this to work? You failed to supply -H with a valid
>>>> ldap:// URI.
>>>
>>> There seems to be a lack of knowledge and/or understanding of the basics
>>> here! There are dozens of good tutorials online about how to setup
>>> pass-through authentication using OpenLDAP. This issue shouldn't take more
>>> than a couple of days to fix and test. It is over a month now and it hasn't
>>> been fixed.
>>>
>>> Can you seek advice from a colleague in your office? Can you describe your
>>> configuration in more detail?
>>>
>>> Cheers.
>>>
>>> Ser.
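
An added example, not part of the original thread: a small Python check for the two settings the reply at the top mentions, the TLS_REQCERT level and whether the TLS_CACERT file exists and has contents. The function names and the sample configuration are constructed for illustration, and the parser assumes that the last occurrence of an option in the file wins.

```python
import os

# TLS_REQCERT levels per ldap.conf(5): never, allow, try, demand (alias hard).
# With "never" or "allow" a bad server certificate does not stop the session.
NO_VERIFY = {"never", "allow"}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive.
    Assumption: a later line for the same option overrides an earlier one."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_tls(text):
    """Return a list of findings for the TLS settings in ldap.conf text."""
    opts = parse_ldap_conf(text)
    findings = []
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if reqcert in NO_VERIFY:
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not enforced")
    cacert = opts.get("TLS_CACERT")
    if not cacert:
        findings.append("TLS_CACERT is not set")
    elif not os.path.isfile(cacert):
        findings.append(f"TLS_CACERT {cacert}: file does not exist")
    elif os.path.getsize(cacert) == 0:
        findings.append(f"TLS_CACERT {cacert}: file is empty")
    return findings

if __name__ == "__main__":
    # Constructed sample configuration; the CA path is a placeholder.
    sample = """\
# troubleshooting settings
TLS_REQCERT never
TLS_CACERT /path/to/ca.pem
"""
    for finding in check_tls(sample):
        print(finding)
```
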