[Issue 9711] New: olcTLSVerifyClient set incorrectly on conversion
by openldap-its@openldap.org
https://bugs.openldap.org/show_bug.cgi?id=9711
Issue ID: 9711
Summary: olcTLSVerifyClient set incorrectly on conversion
Product: OpenLDAP
Version: 2.5.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
When converting the following slapd.conf to cn=config via slaptest, the
olcTLSVerifyClient parameter is set to "demand" instead of "never". The
slapd.conf man page clearly states that "never" is supposed to be the default.
This causes startTLS operations to fail from the client.
slapd.conf:
include /opt/symas/etc/openldap/schema/core.schema
pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args
loglevel stats
TLSCACertificateFile /opt/symas/ssl/CA/certs/testsuiteCA.crt
TLSCertificateFile /opt/symas/ssl/certs/ub18.crt
TLSCertificateKeyFile /opt/symas/ssl/private/ub18.key
modulepath /opt/symas/lib/openldap
moduleload back_mdb.la
database config
rootpw secret
database mdb
maxsize 1073741824
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /var/symas/openldap-data
index objectClass eq
database monitor
With the above slapd.conf, the following ldapsearch command succeeds:
/opt/symas/bin/ldapsearch -x -ZZ -H ldap://ub18.quanah.org/^
However, after converting it to cn=config:
slaptest -f slapd.conf -F /opt/symas/etc/openldap/slapd.d
olcTLSVerifyClient has an incorrect value of "demand" instead of "never":
cn=config.ldif:olcTLSVerifyClient: demand
--
You are receiving this mail because:
You are on the CC list for the issue.