A search in the openldap source shows we don’t yet support the OpenSSL3 provider OSSL_STORE_open() call, which takes a URL as a parameter.

I’m happy to patch the openldap client to support this, would it make sense to add a LDAP_OPT_X_TLS_URL option to ldap_option_set()?

Patch available here:

https://bugs.openldap.org/show_bug.cgi?id=10149

This allows replication in 389ds to be fixed, with the patch available here for anyone interested:

https://github.com/389ds/389-ds-base/pull/6021

Regards,

Graham

—