
have to use LDAP_OPT_X_TLS_NEVER to defeat cert hostname checking

Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
Rich Megginson 15 years ago
parent
commit
c5640a92c4
1 changed file with 1 addition and 1 deletion

ldap/servers/slapd/ldaputil.c

@@ -579,7 +579,7 @@ slapi_ldap_init_ext(
 	    } else {
 		/* verify certificate only */
 #if defined(USE_OPENLDAP)
-		ssl_strength = LDAP_OPT_X_TLS_ALLOW;
+		ssl_strength = LDAP_OPT_X_TLS_NEVER;
 #else /* !USE_OPENLDAP */
 		ssl_strength = LDAPSSL_AUTH_CERT;
 #endif /* !USE_OPENLDAP */
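
Review bot: The comment `/* verify certificate only */` above the changed line no longer describes the USE_OPENLDAP branch. LDAP_OPT_X_TLS_NEVER tells libldap not to request or check the server certificate at all, so this drops chain validation along with the hostname check, while the non-OpenLDAP branch still sets LDAPSSL_AUTH_CERT. Please update the comment to state that under USE_OPENLDAP this mode performs no certificate verification, and document the difference between the two builds for callers of slapi_ldap_init_ext(). If the intent is still to validate the certificate without matching the hostname, that validation has to be done separately, because this setting removes it.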