[Date Prev][Date Next]
back-meta: dependency on ldap.conf
- To: OpenLDAP Technical Discussion <email@example.com>
- Subject: back-meta: dependency on ldap.conf
- From: Liam Gretton <firstname.lastname@example.org>
- Date: Thu, 19 Mar 2015 11:45:40 +0000
- Organization: IT Services, University Of Leicester
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
OpenLDAP 2.4.40, SLES x86_64.
This will seem crazy, but it looks to me that back-meta uses
/etc/openldap/ldap.conf for its TLS configuration instead of the
tls_options set explicitly within slapd.conf.
Within my meta configuration I have the following for idassert-bind:
None of the TLS options seem to have any effect here at all (I can put
nonsensical values to the tls options here and slapd doesn't complain at
Instead it's necessary to use /etc/openldap/ldap.conf for back-meta to
bind over SSL/TLS:
Any changes to ldap.conf get picked up by back-meta on a restart.
This can't be right, surely?
As an aside, I can't see why it's necessary to have to specify both
tls_cacert (pointing at the last CA in the chain) as well as
tls_cacertdir, but it is.
Liam Gretton email@example.com
Systems Specialist http://www.le.ac.uk/its/
IT Services Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom