[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

To: Nikos Voutsinas <nvoutsin@gmail.com>, Ondřej Kuzník <ondra@mistotebe.net>
Subject: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Sat, 20 Jul 2019 09:40:53 -0700
Cc: openldap-devel@openldap.org
Content-disposition: inline
In-reply-to: <CAJoHRiicDsYCh55WtS16VN0h0iPz7rh_oSfutih9caEja1+3Vg@mail.gmail.com>
References: <CAJoHRijg72LHC5EQT0p=ppyykvd69ik-8Ons0fdd3e7fRp1R5Q@mail.gmail.com> <20190720114150.6lcvw2vqkt7wqkty@mistotebe.net> <CAJoHRiicDsYCh55WtS16VN0h0iPz7rh_oSfutih9caEja1+3Vg@mail.gmail.com>

--On Saturday, July 20, 2019 3:55 PM +0300 Nikos Voutsinas<nvoutsin@gmail.com> wrote:

I am using the ldap.conf TLS params to provide the path to CAs. That's
the default way for Debian. It works with 2.4.47, it also works for the
2.4.48 openldap client utils) as I mentioned  earlier.

ldap.conf is only for client utilities. This is clearly described in theldap.conf(5) man page. This sounds more to me like we've closed a bug withthe GnuTLS implementation. From ldap.conf(5):

The ldap.conf configuration file is used to set system-wide defaultsto

      be applied when running ldap clients


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Ryan Tandy <ryan@nardis.ca>

References:
- back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Nikos Voutsinas <nvoutsin@gmail.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Ondřej Kuzník <ondra@mistotebe.net>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Nikos Voutsinas <nvoutsin@gmail.com>

Prev by Date: Re: Drop support for GNUTLS and libnss in 2.5?
Next by Date: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
Index(es):
- Chronological
- Thread