Hi Rob,
I am looking to perform an authenticated ldapsearch using certificate-based authentication so I don't have to pass username and password onto the command line when searching against cn=groups,cn=accounts. Looks like only authenticated ldapsearch will yield memberOf info (usernames that belong to the group), but an anonymous ldapsearch will only yield group container info without memberOf UIDs.
LDAPTLS_CACERT=/home/user_name/CA.crt
LDAPTLS_KEY=/home/user_name/user.key
LDAPTLS_CERT=/home/user_name/user.der
Will my certificate-based ldapsearch work without user.key defined?
So far I haven't been able to perform the ldapsearch because I am getting:
ldap_start_tls: Can't contact LDAP server (-1) additional info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain).
Any pointers will be greatly appreciated!
--Tony
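
An added example, not part of the message above: a shell pre-flight check for the three LDAPTLS_* files it names, run before ldapsearch. It assumes the `openssl` CLI is installed and that libldap is built against OpenSSL; the function names and the saved server certificate argument are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the LDAPTLS_* files before ldapsearch.
# Assumption: libldap is built against OpenSSL, which loads the client
# certificate and key as PEM. Function names here are hypothetical.

# Print PEM or DER for a certificate file; fail if it is neither.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        echo unknown; return 1
    fi
}

# Succeed when the private key ($2) belongs to the certificate ($1, format $3).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -inform "${3:-PEM}" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed when the CA bundle ($1) validates the PEM certificate ($2).
# A failure here is what "certificate verify failed" reports at StartTLS.
ca_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check the files named by the LDAPTLS_* variables. $1 is an optional PEM
# copy of the server certificate to test against LDAPTLS_CACERT.
preflight() {
    rc=0
    fmt=$(cert_format "$LDAPTLS_CERT") || { echo "LDAPTLS_CERT: not a certificate"; return 1; }
    [ "$fmt" = PEM ] || { echo "LDAPTLS_CERT is $fmt, expected PEM"; rc=1; }
    key_matches_cert "$LDAPTLS_CERT" "$LDAPTLS_KEY" "$fmt" ||
        { echo "LDAPTLS_KEY does not match LDAPTLS_CERT"; rc=1; }
    if [ -n "$1" ]; then
        ca_verifies "$LDAPTLS_CACERT" "$1" ||
            { echo "LDAPTLS_CACERT does not validate $1"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "pre-flight OK"
    return "$rc"
}
```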