In UCS, LDAP is configured to use the local certificate for StartTLS, based on the root certificate of the UCS.
We have some external servers that I would like to connect to LDAP via StartTLS.
To achieve this:
- I configured the firewall to forward the LDAP queries to our UCS
- as a public FQDN is used, I changed the certificate information in /etc/ldap/slapd.conf. The certificate belonging to the public FQDN is used.
LDAP StartTLS now works fine for external queries, but unfortunately I broke the internal LDAP system of UCS. I tried to fix this by changing the following variables:
After this change, some policies are not met anymore.
Is it possible to change the hostname and certificate used for LDAP StartTLS?
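The breakage described in the post has a simple root cause to check before touching slapd.conf again: a client validating StartTLS compares the hostname it connected to against the certificate's Subject Alternative Names, so a single slapd serving both the internal UCS name and the public FQDN needs one certificate whose SANs cover both names (slapd has no per-hostname certificate selection to fall back on). The following added example (not from the post or from Univention) implements the RFC 6125 dNSName matching rules that common TLS clients apply, including the wildcard restrictions, and runs them over constructed SAN lists; the two hostnames and the three SAN lists are assumptions made up for the illustration.

```python
"""Check whether one certificate's SAN list covers every hostname that LDAP
clients will use for StartTLS.

Added example, not from the forum post or from Univention. The hostnames
and the SAN lists below are constructed; only the matching rules are real
(RFC 6125 section 6.4.3, as implemented by common TLS clients).
"""

from __future__ import annotations


def dnsname_matches(pattern: str, hostname: str) -> bool:
    """Return True if the SAN dNSName `pattern` matches `hostname`.

    Comparison is case-insensitive. A wildcard is accepted only as the whole
    leftmost label (`*.example.com`), matches exactly one label, and needs at
    least two labels after it, so `*.com` never matches anything.
    """
    pattern = pattern.rstrip(".").lower()
    hostname = hostname.rstrip(".").lower()
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    first, _, rest = pattern.partition(".")
    if first != "*" or "*" in rest or rest.count(".") < 1:
        return False  # wildcard not the whole leftmost label, or too broad
    host_first, _, host_rest = hostname.partition(".")
    return bool(host_first) and host_rest == rest


def uncovered_hostnames(san_dnsnames: list[str], hostnames: list[str]) -> list[str]:
    """Return the client hostnames that no SAN entry matches."""
    return [h for h in hostnames
            if not any(dnsname_matches(p, h) for p in san_dnsnames)]


# Constructed values: the internal UCS name and the public FQDN that the
# firewall forwards to the same slapd.
INTERNAL_FQDN = "ucs-master.intranet.example"
PUBLIC_FQDN = "ldap.example.org"
CLIENT_HOSTNAMES = [INTERNAL_FQDN, PUBLIC_FQDN]

# Certificate issued by the UCS CA: covers only the internal name.
UCS_CERT_SANS = [INTERNAL_FQDN]
# Certificate for the public name only: this is what breaks the internal side.
PUBLIC_ONLY_SANS = [PUBLIC_FQDN]
# Certificate that lists both names: acceptable to both client populations.
COMBINED_SANS = [INTERNAL_FQDN, PUBLIC_FQDN]


if __name__ == "__main__":
    for label, sans in [("UCS CA cert", UCS_CERT_SANS),
                        ("public-only cert", PUBLIC_ONLY_SANS),
                        ("combined cert", COMBINED_SANS)]:
        missing = uncovered_hostnames(sans, CLIENT_HOSTNAMES)
        state = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{label}: {state}")
```

SAN coverage is necessary but not sufficient: internal UCS clients validate the chain against the UCS root CA, so a certificate with both names must also be issued by a CA those clients trust (or the issuing CA must be added to their trust store), and external clients need the same for the public certificate's issuer. Checking both points before editing slapd.conf avoids the one-sided breakage the post describes.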