/usr/bin/ldap-server-getcert is in debian-edu-config 1.702.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
#
# Fetch the LDAP server's SSL certificate (which carries its public key)
# from the server using the ldaps / ssl protocol.
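set -e

# A server name is required.  Without this check an empty "$1" would be
# handed to openssl as ":636" and the script would still exit 0, because
# the pipeline's status is that of awk, not of openssl.
if [ -z "${1:-}" ]; then
    printf 'usage: %s <ldap-server>\n' "${0##*/}" >&2
    exit 2
fi

LDAP_SERVER="$1"
LDAP_PORT=636 # ldaps

# Fetch using openssl directly from the server.
# Drop headers and footers, and only print the certificate itself
# (the BEGIN/END CERTIFICATE marker lines are included in the output).
#
# Notes for callers:
#  - openssl's stderr is discarded and its exit status is not propagated
#    (plain sh has no pipefail), so a failed connection shows up as EMPTY
#    OUTPUT with exit status 0.  Check that the output is non-empty.
#  - Nothing here authenticates the peer: the certificate printed is
#    whatever the host answering on $LDAP_SERVER:$LDAP_PORT presents.
#    Treat the result as trust-on-first-use and confirm its fingerprint
#    through another channel before installing it as a trust anchor.
echo | openssl s_client \
    -connect "$LDAP_SERVER:$LDAP_PORT" 2>/dev/null | \
    awk '/^-----BEGIN CERTIFICATE-----$/ { in_cert = 1 }
         in_cert { print }
         /^-----END CERTIFICATE-----$/ { in_cert = 0 }'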