(ITS#6419) bindconf parser doesn't apply tls-defaults as documented
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6419) bindconf parser doesn't apply tls-defaults as documented
- From: rhafer@suse.de
- Date: Mon, 7 Dec 2009 14:24:17 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Ralf Haferkamp
Version: 2.4.20, HEAD
OS: any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (92.252.43.63)
The bindconf parser is used in a few places where remote connections to other
servers are to be configured (syncrepl, back-ldap, ...). The documented behavior
is (from the syncrepl section in slapd-config(5)):
"The tls_reqcert setting defaults to "demand" and the other TLS settings default
to the same as the main slapd TLS settings."
This does however only seem to work if at least one of the "tls_" settings appears in the
bindconfig. E.g. the following syncrepl config doesn't have any "tls_" setting
and should, according to the man page, work as if "tls_reqcert=demand" was set.
However the actual behavior is like "tls_reqcert=never".
------------------------------------
olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test"
  type="refreshAndPersist" starttls=critical bindmethod="simple"
  binddn="uid=syncrepl,dc=test" credentials="XXXXXX"
------------------------------------
Question is if this is a bug in the documentation or in the code. I think it's
the latter.
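
An added example (not part of the original report and not OpenLDAP code): a small Python audit that reads cn=config LDIF and lists the rid of every olcSyncrepl statement that requests TLS but carries no "tls_" setting, which is the case the report says behaves like "tls_reqcert=never". The sample LDIF and the function names are constructed for illustration, and treating ldaps:// providers the same way as starttls is an assumption.

```python
import re

# Constructed sample: the statement from the report (rid=1) and a second,
# made-up statement (rid=2) that sets tls_reqcert explicitly.
SAMPLE_LDIF = '''\
dn: olcDatabase={1}hdb,cn=config
olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test"
  type="refreshAndPersist" starttls=critical bindmethod="simple"
  binddn="uid=syncrepl,dc=test" credentials="XXXXXX"
olcSyncrepl: {1}rid=2 provider="ldap://master2/" searchbase="dc=test"
  starttls=critical tls_reqcert=demand bindmethod="simple"
'''

# keyword=value or keyword="quoted value"
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_syncrepl(value):
    """Split one olcSyncrepl value into a dict of lower-cased keywords."""
    value = re.sub(r'^\{\d+\}', '', value.strip())  # drop the {n} ordering prefix
    return {k.lower(): v.strip('"') for k, v in TOKEN.findall(value)}


def audit(ldif):
    """Return the rids of statements that use TLS without any tls_ keyword."""
    findings = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "olcsyncrepl":
            continue
        kv = parse_syncrepl(value)
        # Assumption: an ldaps:// provider depends on the same TLS settings.
        uses_tls = "starttls" in kv or kv.get("provider", "").lower().startswith("ldaps://")
        has_tls_setting = any(k.startswith("tls_") for k in kv)
        if uses_tls and not has_tls_setting:
            findings.append(kv.get("rid", "?"))
    return findings


if __name__ == "__main__":
    for rid in audit(SAMPLE_LDIF):
        print(f"rid={rid}: TLS requested but no tls_ setting present")
```
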