disable ldap hostname verification?
Jeffrey Crawford
jeffreyc at ucsc.edu
Wed May 10 10:32:55 EDT 2017
There is a file in ${IDP_HOME}/credentials/ldap-server.crt; just put the
LDAP server cert or root CA in that file. I often use openssl s_client
against the LDAPS port of the LDAP server if you don't have direct access
to the cert.
Jeffrey E. Crawford
Enterprise Service Team <jeffreyc at ucsc.edu>
^ ^
/ \ ^ / \ ^
/ \/ \ / \ / \
/ \/ \/ \
/ \
You have been assigned this mountain to prove to others that it *can* be
moved.
On Wed, May 10, 2017 at 6:40 AM, Daniel Fisher <dfisher at vt.edu> wrote:
> On Tue, May 9, 2017 at 8:21 PM, Ghilteras <angelo at twilio.com> wrote:
>
>> sorry to bump an old thread, but I'm facing this issue now for a PoC and I
>> don't seem to be able to find the equivalent of ldap_tls_reqcert on SSSD in
>> Shibboleth, not even in the beans of
>> /opt/shibboleth-idp/conf/authn/ldap-authn-config.xml
>>
>> so is there no way to disable hostname validation during ssl handshake?
>>
>
> Are you using LDAPS or startTLS?
>
> --Daniel Fisher
>
>
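The approach in the reply above (pull the certificate with openssl s_client and store it in ldap-server.crt) as an added example that is not part of the original message. The function names and the host ldap.example.org are hypothetical; the hostname check is an extra step so that verification stays enabled instead of being switched off.

```shell
#!/bin/sh
# Added example: populate the IdP's LDAP trust file from a running LDAPS
# server. Function names and the sample host are assumptions.

# Print only the first PEM block on stdin. In `openssl s_client -showcerts`
# output the first block is the server's own (leaf) certificate.
extract_leaf_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /-----END CERTIFICATE-----/ { if (p) exit }'
}

# fetch_ldaps_cert HOST PORT OUTFILE
# Saves the leaf certificate and refuses it when it does not cover HOST,
# which is the usual reason hostname verification fails in the first place.
fetch_ldaps_cert() {
    host=$1; port=${2:-636}; out=$3

    openssl s_client -connect "$host:$port" -servername "$host" \
        -showcerts </dev/null 2>/dev/null | extract_leaf_cert > "$out"

    if [ ! -s "$out" ]; then
        echo "no certificate received from $host:$port" >&2
        return 1
    fi

    # -checkhost prints "does match" or "does NOT match"; it does not
    # signal the result through its exit status, so test the text.
    if ! openssl x509 -in "$out" -noout -checkhost "$host" \
            | grep -q 'does match'; then
        echo "certificate is not valid for $host; fix the cert or the ldapURL" >&2
        return 1
    fi

    # The download itself is unauthenticated: compare this fingerprint
    # with the LDAP administrator's copy before trusting the file.
    openssl x509 -in "$out" -noout -subject -issuer -enddate \
        -fingerprint -sha256
}

# Usage (placeholder host):
#   fetch_ldaps_cert ldap.example.org 636 "${IDP_HOME}/credentials/ldap-server.crt"
```

If the hostname check fails, the name in the IdP's LDAP URL and the names in the certificate disagree, and trusting the file alone will not make the handshake pass.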