Full_Name: Ralf Haferkamp
Version: 2.4.20, HEAD
OS: any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (92.252.43.63)

The bindconf parser is used in a few places where remote connections to other servers are to be configured (syncrepl, back-ldap, ...). The documented behavior is (from the syncrepl section in slapd-config(5)):
"The tls_reqcert setting defaults to "demand" and the other TLS settings default to the same as the main slapd TLS settings."
This does however only seem to work if at least one of the "tls_" settings appears in the bindconfig. E.g. the following syncrepl config doesn't have any "tls_" setting and should, according to the man page, work as if "tls_reqcert=demand" was set. However the actual behavior is like "tls_reqcert=never".

------------------------------------
olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test" type="refreshAndPersist" starttls=critical bindmethod="simple" binddn="uid=syncrepl,dc=test" credentials="XXXXXX"
------------------------------------

Question is if this is a bug in the documentation or in the code. I think it's the latter.
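
The following is an added example, not part of the original report and not OpenLDAP code: a check that flags olcSyncrepl values which request TLS without any "tls_" keyword, the case described above. The function names `parse_bindconf` and `audit` are hypothetical, the sample values are constructed (the first repeats the configuration from the report), and TLS is assumed to be in use when the provider is ldaps:// or a starttls keyword is present.

```python
import re
import shlex

# Constructed sample values; the first is the configuration quoted in the report.
SAMPLES = [
    '{0}rid=1 provider="ldap://master/" searchbase="dc=test" '
    'type="refreshAndPersist" starttls=critical bindmethod="simple" '
    'binddn="uid=syncrepl,dc=test" credentials="XXXXXX"',
    '{1}rid=2 provider="ldaps://master/" searchbase="dc=test" '
    'bindmethod=simple tls_reqcert=demand tls_cacert="/etc/ssl/ca.pem"',
    '{2}rid=3 provider="ldap://master/" searchbase="dc=test" bindmethod=simple',
    '{3}rid=4 provider="ldap://master/" starttls=yes tls_reqcert=allow',
]

def parse_bindconf(value):
    """Split an olcSyncrepl value into a keyword -> value dict."""
    value = re.sub(r'^\{\d+\}', '', value.strip())  # drop the {n} ordering prefix
    conf = {}
    for token in shlex.split(value):                # honours "quoted values"
        key, sep, val = token.partition('=')
        if sep:
            conf[key.lower()] = val
    return conf

def audit(value):
    """Return a list of findings for one olcSyncrepl value (empty means ok)."""
    conf = parse_bindconf(value)
    uses_tls = (
        conf.get('provider', '').lower().startswith('ldaps://')
        or 'starttls' in conf
    )
    if not uses_tls:
        return ['no TLS requested (plain LDAP)']
    if not any(k.startswith('tls_') for k in conf):
        # Case from the report: the documented default is "demand",
        # but the observed behaviour is like "never".
        return ['TLS without any tls_ keyword: set tls_reqcert=demand explicitly']
    reqcert = conf.get('tls_reqcert', 'demand').lower()
    if reqcert not in ('demand', 'hard'):           # "hard" is a synonym of "demand"
        return ['tls_reqcert=%s is weaker than demand' % reqcert]
    return []

if __name__ == '__main__':
    for sample in SAMPLES:
        print('rid', parse_bindconf(sample).get('rid'), audit(sample) or ['ok'])
```
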