--On Sunday, July 21, 2019 10:02 PM +0100 Howard Chu hyc@symas.com wrote:
As I already said: there is no reason for the syncrepl consumer and back-ldap to behave identically. The manpages are correct in each case.
I've never said they should behave identically, and I do not fathom why you are so focussed on something I never stated.
*You* stated:
"The behavior is supposed to be exactly as specified in the manpages."
The *man page* for back-ldap makes ZERO reference to ldap.conf. It makes ZERO reference to back-ldap being considered an "ldap client". If your statement that they should behave as specified in the man pages is true, then its behavior is incorrect, because PER THE MAN PAGE the TLS settings are either EXPLICIT in the back-ldap configuration OR they are taking from slapd's TLS settings. NOWHERE does it say that if there are no settings in back-ldap OR slapd that it will THEN take the settings from ldap.conf.
The *exact same* applies to syncrepl and its TLS settings.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com