
Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48



--On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu <hyc@symas.com> wrote:

--On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu <hyc@symas.com>
wrote:

The behavior is supposed to be exactly as specified in the manpages.


A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP
client.


Now you are providing conflicting answers. The man page for back-ldap makes zero reference to ldap.conf(5). It only mentions slapd.conf(5). The syncrepl section of slapd.conf(5)/slapd-config(5) only mentions the network-timeout value being pulled in from ldap.conf(5). So which is it? Do they follow the man page behaviors (which would mean no ldap.conf(5) for slapd-ldap, and only network-timeout for syncrepl), or do they violate the man page description?


Generally, it seems to me we at the least have a documentation bug, in that back-ldap(5) and the syncrepl section of slapd.conf(5)/slapd-config(5) should note that they will rely on ldap.conf(5) in the absence of TLS (and possibly other parameters) if they are not found in slapd.conf(5).

Additionally, what should we do about ITS#8427? It was clearly fixing a valid bug. Do we revert it? Do we fix the behavior so it fixes the bug reported, but does not introduce a regression?

And we need to know the answer to that and have a fix in rather quickly.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>