
(ITS#6419) bindconf parser doesn't apply tls-defaults as documented

Full_Name: Ralf Haferkamp
Version: 2.4.20, HEAD
OS: any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The bindconf parser is used in a few places where remote connections to other
servers are to be configured (syncrepl, back-ldap, ...). The documented behavior
is (from the syncrepl section in slapd-config(5)):

"The tls_reqcert setting defaults to "demand" and the other TLS settings default
to the same as the main slapd TLS settings."

This does however only seem to work if at least one of the "tls_" settings appears
in the bindconfig. E.g. the following syncrepl config doesn't have any "tls_" setting
and should, according to the man page, work as if "tls_reqcert=demand" was set.
However the actual behavior is like "tls_reqcert=never".

olcSyncrepl: {0}rid=1 provider="ldap://master/"; searchbase="dc=test" 
 type="refreshAndPersist" starttls=critical bindmethod="simple" 
 binddn="uid=syncrepl,dc=test" credentials="XXXXXX"

Question is if this is a bug in the documentation or in the code. I think it's
the latter.
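
An added example, not part of the original report or of OpenLDAP's code: a small audit script that flags olcSyncrepl values which use TLS but carry no "tls_" keyword, the case the report describes as behaving like "tls_reqcert=never". The function names and status labels are assumptions made for illustration, and the second and third sample values are constructed.

```python
import re
import shlex

# First value is the one quoted in the report; the other two are constructed.
SAMPLE_VALUES = [
    '{0}rid=1 provider="ldap://master/"; searchbase="dc=test" '
    'type="refreshAndPersist" starttls=critical bindmethod="simple" '
    'binddn="uid=syncrepl,dc=test" credentials="XXXXXX"',
    '{1}rid=2 provider="ldaps://master2/" searchbase="dc=test" '
    'bindmethod=simple tls_reqcert=demand',
    '{2}rid=3 provider="ldap://master3/" searchbase="dc=test" bindmethod=simple',
]


def parse_bindconf(value):
    """Split an olcSyncrepl value into a dict keyed by lower-cased keyword."""
    value = re.sub(r'^\{\d+\}', '', value.strip())  # drop the {N} ordering prefix
    conf = {}
    for token in shlex.split(value):  # honours the double-quoted values
        key, sep, val = token.partition('=')
        if sep:
            conf[key.lower()] = val
    return conf


def uses_tls(conf):
    """True for ldaps:// providers or starttls=yes|critical."""
    ldaps = conf.get('provider', '').lower().startswith('ldaps://')
    return ldaps or conf.get('starttls', '').lower() in ('yes', 'critical')


def audit(value):
    """Return (rid, status) for one olcSyncrepl value."""
    conf = parse_bindconf(value)
    if not uses_tls(conf):
        status = 'no-tls'
    elif not any(k.startswith('tls_') for k in conf):
        # The case in the report: no tls_ keyword, so the documented
        # tls_reqcert=demand default is not applied.
        status = 'relies-on-defaults'
    else:
        status = 'has-tls-settings'
    return conf.get('rid'), status


if __name__ == '__main__':
    for v in SAMPLE_VALUES:
        print(*audit(v))
```

Values reported as relies-on-defaults are the ones to review; stating tls_reqcert=demand explicitly in the value removes the dependence on the default.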