LDAP – Resolving ldapsearch TLS Hostname Does Not Match CN in Peer Certificate

Tags: ldap, openldap, openssl

I'm trying to configure a secure LDAP client using the certificates (RootCA, IntermediateCA, IssuingCA and Server certificate) and have created the truststore.
openssl s_client works successfully, but when I run ldapsearch I get the error below:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: TLS: hostname does not match CN in peer certificate

ldap.conf:

SASL_NOCANON    on
# Configuration for LDAP
URI ldaps://ldapserver.abc.example.com/
BASE dc=ldapserver,dc=abc,dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt

LDAP server FQDN: ldapserver.abc.example.com
Client FQDN: centos7.xyz.example.com

Do I need to create a new certificate for the client using the provided certificates? If yes, how?

Best Answer

Adding the property below to ldap.conf resolved this error:

TLS_REQSAN allow
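To see why the client rejected the server certificate in the first place, here is an added example (not from the question or the answer) that models the generic RFC 6125 hostname check a TLS client applies to a server certificate: subjectAltName dNSName entries are consulted first and the subject CN only when no dNSName SAN exists. It is a model of the rule, not a reproduction of OpenLDAP's own TLS_REQSAN code; the certificate names fed in are constructed, and only the hostname comes from the question's URI.

```python
from typing import List, Optional, Tuple

def _name_match(pattern: str, host: str) -> bool:
    """RFC 6125 style comparison: case-insensitive, trailing dot ignored,
    a wildcard is only valid as the entire left-most label and it never
    spans more than one label (so *.example.com does not cover a.b.example.com)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]

def check_hostname(host: str, san_dns: List[str], cn: Optional[str]) -> Tuple[bool, str]:
    """Return (ok, reason) for the name check.
    If the certificate carries any dNSName SAN, only those names count;
    the CN is a fallback solely for certificates without a dNSName SAN."""
    if san_dns:
        if any(_name_match(n, host) for n in san_dns):
            return True, "matched subjectAltName"
        return False, "hostname does not match any subjectAltName dNSName"
    if cn is not None and _name_match(cn, host):
        return True, "matched CN (no SAN present)"
    return False, "hostname does not match CN in peer certificate"

if __name__ == "__main__":
    # Host taken from the question's URI; certificate contents are constructed.
    host = "ldapserver.abc.example.com"
    cases = {
        "CN only, short name":      ([], "ldapserver"),
        "CN only, FQDN":            ([], "ldapserver.abc.example.com"),
        "SAN wildcard for the zone": (["*.abc.example.com"], "anything"),
        "SAN present but wrong":    (["ldapserver"], "ldapserver.abc.example.com"),
    }
    for label, (san, cn) in cases.items():
        ok, why = check_hostname(host, san, cn)
        print(f"{label:28s} -> {'OK  ' if ok else 'FAIL'} ({why})")
```

Note that in the last case the CN matches but the check still fails, because a dNSName SAN is present and takes precedence; the durable fix is a server certificate whose SAN lists the FQDN used in the URI, whereas TLS_REQSAN only changes what the client tolerates.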