#!/bin/sh
#
# Fetch LDAP SSL public key from the server using the ldaps / ssl
# protocol.

set -e

LDAP_SERVER="$1"

LDAP_PORT=636 # ldaps

# Fetch using openssl directly from the server.
# Drop headers and footers, and only print the certificate itself.
echo | openssl s_client \
    -connect "$LDAP_SERVER:$LDAP_PORT" 2>/dev/null | \
    awk '/^-----BEGIN CERTIFICATE-----$/ { yes=1 }
         yes { print }
         /^-----END CERTIFICATE-----$/ { yes=0 }'
