On 19 Dec 2023, at 12:45, Graham Leggett <minfrin@sharp.fm> wrote:

A search in the openldap source shows we don’t yet support the OpenSSL3 provider OSSL_STORE_open() call, which takes a URL as a parameter.

I’m happy to patch the openldap client to support this. Would it make sense to add an LDAP_OPT_X_TLS_URL option to ldap_option_set()?

Patch available here:

https://bugs.openldap.org/show_bug.cgi?id=10149

This allows replication in 389ds to be fixed, with the patch available here for anyone interested:

https://github.com/389ds/389-ds-base/pull/6021

Regards,
Graham