Issue 7744 - [Patch] TLS_REQCERT section in ldap.conf is confusing
Summary: [Patch] TLS_REQCERT section in ldap.conf is confusing
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: documentation (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: 2.5.2
Assignee: Howard Chu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-13 12:49 UTC by jsynacek@redhat.com
Modified: 2021-02-26 23:35 UTC (History)
0 users

See Also:

Attachments
Fix-client-manpage.patch (1.91 KB, patch)
2020-03-20 17:46 UTC, Quanah Gibson-Mount 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description jsynacek@redhat.com 2013-11-13 12:49:40 UTC 
Full_Name: Jan Synacek
Version: master
OS: Linux - Fedora 19
URL: http://jsynacek.fedorapeople.org/openldap/jsynacek-20131113-0001-Fix-client-manpage.patch
Submission from: (NULL) (209.132.186.34)


Quoting ldap.conf(5):

TLS_REQCERT <level>
...
   try    The  server  certificate  is  requested. If no certificate is
provided, the session proceeds normally. If a bad certificate is provided, the
session is immediately terminated.

There is currently no way how to "provide no server certificate" and
successfully connect via a client (e.g. ldapsearch).

For additional discussion, see
http://www.openldap.org/lists/openldap-technical/201311/msg00099.html.
Comment 1 Quanah Gibson-Mount 2017-04-12 16:31:01 UTC 
changed notes
moved from Incoming to Documentation
Comment 2 OpenLDAP project 2017-09-14 19:49:44 UTC 
has patch
Comment 3 Quanah Gibson-Mount 2017-09-14 19:49:44 UTC 
changed notes
Comment 4 Quanah Gibson-Mount 2020-03-20 17:46:22 UTC 
Created attachment 630 [details]
Fix-client-manpage.patch
Comment 5 Howard Chu 2021-02-18 14:46:42 UTC 
in master
Comment 6 Quanah Gibson-Mount 2021-02-18 16:12:22 UTC 
Commits: 
  • c25fa7b0 
by Jan Synacek at 2021-02-18T14:45:51+00:00 
ITS#7744 Fix TLS_REQCERT description