I have this setting in /etc/ldap.conf:

```
ssl start_tls
tls_checkpeer no
```
However, ssh doesn't honour the tls_checkpeer directive:

```
[root@etoile ~]# LC_ALL=C service sshd start
Lancement de sshd : ldap_connect: (TLS) ldap_start_tls(): Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
[LDAP] could not initialize ldap connection
```
And before you ask why I don't use correct certificates, that's because
this is an LDAP slave behind an SLB proxy, with the certificate name matching
the virtual interface name, while the local LDAP configuration accesses the server
as 'localhost' instead.

I had to force sshd to ignore peer checking through the LDAPTLS_REQCERT=never
environment variable to fix this.
Original issue reported on code.google.com by guillomo...@gmail.com on 21 Jan 2010 at 12:53