Re: ldap.conf not being used for TLS_CERT/TLS_KEY

On 07/06/15 08:53 +1000, Deon George wrote:

Hi,

Looking for feedback on why this is not working, or if it is a bug.

The details of my configuration are here: http://serverfault.com/questions/702739 http://serverfault.com/questions/702739

I discovered (and proved), that ldapsearch is not honouring TLS_CERT/TLS_KEY in /etc/openldap/ldap.conf. I’m running the query as “root” and selinux is disabled.

If however, I put the TLS_CERT/TLS_KEY in my ~/ldaprc or ~/.ldaprc, then they are honoured.

Is this a bug?

What is stopping the “global default” of TLS_CERT/TLS_KEY from being read?

Both TLS_CERT and TLS_KEY are user-only options, by design. See the manpage for ldap.conf for details on how to specify the settings within a user configuration file.