
Re: Can't override TLS_REQCERT



On Wed, 30 Apr 2014, Andrew D. Arenson wrote:
> 	I found the previous post of someone else who faced
> the same problem I'm encountering, but I did not see a posted
> solution:
> 
> http://www.openldap.org/lists/openldap-technical/201310/msg00084.html
> 
> 	In /etc/openldap/ldap.conf, TLS_REQCERT is set to 'allow'.
> 
> 	I would like to leave this setting, but override it for a
> specific invocation of ldapsearch. I have attempted to do so by
> setting TLS_REQCERT in ~/.ldaprc and by setting the LDAPTLS_REQCERT
> environment variable. Neither has worked.
> 
> 	Interestingly, I _HAVE_ found that I can override TLS_CACERTDIR
> in either of those locations.
> 
>    	Is this a bug?

Insufficient detail.  Works for me with a local build of 2.4.35 and 
setting LDAPTLS_REQCERT to 'allow' on the command-line, ala:

	LDAPTLS_REQCERT=allow ldapsearch -H ldaps://127.0.0.1  -x

with
	TLS_REQCERT     demand

in the system ldap.conf.  It also worked as expected with 'allow' in the 
ldap.conf and 'demand' in the env-var.


Philip Guenther
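
The following is an added diagnostic sketch, not part of the original message or of OpenLDAP: it reports which source sets TLS_REQCERT last, using the read order documented in ldap.conf(5) (configuration files in order, then the LDAPTLS_REQCERT environment variable, later settings overriding earlier ones). The function names and the sample files are constructed for illustration, and $LDAPNOINIT, $LDAPCONF and $LDAPRC are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find which source sets TLS_REQCERT last.
# Order follows ldap.conf(5): config files in the order read, then the
# LDAPTLS_REQCERT environment variable; later settings override earlier ones.
# Simplification: $LDAPNOINIT, $LDAPCONF and $LDAPRC are not handled.
# Typical call: effective_reqcert /etc/openldap/ldap.conf ~/ldaprc ~/.ldaprc ./ldaprc

# Print the last TLS_REQCERT value in file $1, lowercased (nothing if unset).
# Names and values are matched case-insensitively; comment lines never match.
reqcert_from_file() {
    [ -r "$1" ] || return 0
    awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) }
         END { if (v != "") print v }' "$1"
}

# effective_reqcert FILE...  -> prints "<value> (from <source>)"
effective_reqcert() {
    er_value=demand er_source="library default"
    for er_file in "$@"; do
        er_v=$(reqcert_from_file "$er_file")
        if [ -n "$er_v" ]; then er_value=$er_v er_source=$er_file; fi
    done
    if [ -n "${LDAPTLS_REQCERT:-}" ]; then
        er_value=$(printf '%s' "$LDAPTLS_REQCERT" | tr 'A-Z' 'a-z')
        er_source='$LDAPTLS_REQCERT'
    fi
    printf '%s (from %s)\n' "$er_value" "$er_source"
}

# Succeeds only for levels that reject a missing or invalid server certificate.
# Accepts either a bare level or the full output of effective_reqcert.
reqcert_is_strict() {
    case "${1%% *}" in demand|hard) return 0 ;; *) return 1 ;; esac
}

# Demo on constructed files mirroring the thread: 'allow' system-wide,
# 'demand' requested through the environment for one invocation.
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nTLS_REQCERT allow\n' > "$d/ldap.conf"
    printf 'TLS_CACERTDIR /constructed/certs\n' > "$d/ldaprc"
    effective_reqcert "$d/ldap.conf" "$d/ldaprc"
    ( LDAPTLS_REQCERT=demand; effective_reqcert "$d/ldap.conf" "$d/ldaprc" )
    rm -rf "$d"
}
demo
```

If the reported source is not the one you expected to win, compare it with what the client actually does; a mismatch points at the build or its TLS backend rather than at the configuration.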