[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap.conf not being used for TLS_CERT/TLS_KEY

To: Deon George <deon@leenooks.net>
Subject: Re: ldap.conf not being used for TLS_CERT/TLS_KEY
From: Dan White <dwhite@cafedemocracy.org>
Date: Mon, 6 Jul 2015 11:53:04 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <68EADEA9-C622-4C74-BA6E-DB8C62B638FF@leenooks.net>
References: <68EADEA9-C622-4C74-BA6E-DB8C62B638FF@leenooks.net>
User-agent: Mutt/1.5.23 (2014-03-12)

On 07/06/15 08:53 +1000, Deon George wrote:

Hi,

Looking for feedback on why this is not working, or if it is a bug.

The details of my configuration are here:
http://serverfault.com/questions/702739 <http://serverfault.com/questions/702739>

I discovered (and proved), that ldapsearch is not honouring TLS_CERT/TLS_KEY in /etc/openldap/ldap.conf. I’m running the query as “root” and selinux is disabled.

If however, I put the TLS_CERT/TLS_KEY in my ~/ldaprc or ~/.ldaprc, then they are honoured.

Is this a bug?

What is stopping the “global default” of TLS_CERT/TLS_KEY from being read?


Both TLS_CERT and TLS_KEY are user-only options, by design. See the manpage
for ldap.conf for details on how to specify the settings within a user
configuration file.

--
Dan White

References:
- ldap.conf not being used for TLS_CERT/TLS_KEY
  - From: Deon George <deon@leenooks.net>

Prev by Date: ldap.conf not being used for TLS_CERT/TLS_KEY
Next by Date: Re: ldap.conf not being used for TLS_CERT/TLS_KEY
Index(es):
- Chronological
- Thread