Re: (ITS#6419) bindconf parser doesn't apply tls-defaults as documented - openldap-bugs

8 Dec 2009


      rhafer@suse.de wrote:
...
Am Montag 07 Dezember 2009 21:22:08 schrieb quanah@zimbra.com:
...
--On Monday, December 07, 2009 2:24 PM +0000 rhafer@suse.de wrote:
...

olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test"
  type="refreshAndPersist" starttls=critical bindmethod="simple"
  binddn="uid=syncrepl,dc=test" credentials="XXXXXX"

Question is if this is a bug in the documentation or in the code. I think
it's the latter.
Howard believes this is fixed in head with servers/slapd/config.c 1.508 ->
1.509.  Can you please test and let us know the result?
It solves the problem only partially. It still doesn't work when using
"ldaps://" uris AFAICS.
The code was assuming that at least one of the other TLS config keywords would 
also be used in these situations. Most of the time the slapd TLS config would 
only be appropriate for server use, and would need to be overridden when 
acting as a client.
Anyway, this is now fixed in HEAD.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/