--On Monday, January 6, 2025 6:20 PM +0000 Eric M em.job35@gmail.com wrote:
> The ldap.conf(5) manpage specifies:
> The ldap.conf configuration file is used to set system-wide defaults to be applied when running ldap clients.
> Users may create an optional configuration file, ldaprc or .ldaprc, in their home directory which will be used to override the system-wide defaults file. The file ldaprc in the current working directory is also used.
I've already quoted this to you previously, but you've left it out here, so I'll quote it again:
" Some options are user-only. Such options are ignored if present in the ldap.conf (or file specified by LDAPCONF)."
You've been told multiple different ways to configure client cert auth, you've failed to demonstrate you've paid attention to any of it, repeatedly.
You've generally failed to specify how your server<->server TLS client auth would be occurring. For example, with syncrepl, the syncrepl configuration EXPLICITLY has the bits for configuring cert auth. Same for things like back-ldap and back-meta.
For client<->server TLS auth, it depends on what the client is. For the LDAP client tools (such as ldapsearch), you've been repeatedly told all the different options you have at your disposal. Again, with ZERO indication from you that you've followed any of the options.
--Quanah
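
Added example, not part of the original message and not the project's own code: a small Python check for the ldap.conf(5) rule quoted above, that user-only options are ignored when they appear in the system-wide file. The user-only set is taken from ldap.conf(5) rather than from this thread; the file contents, paths and function names are constructed for illustration.

```python
# User-only options as documented in ldap.conf(5); option names are case-insensitive.
USER_ONLY = {"BINDDN", "SASL_AUTHCID", "SASL_AUTHZID", "TLS_CERT", "TLS_KEY"}

def parse(text):
    """Yield (lineno, OPTION, value) for each setting, skipping blanks and # comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield n, parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def ignored_in_system_file(text):
    """Return (lineno, option) for settings that have no effect in the system-wide file."""
    return [(n, opt) for n, opt, _ in parse(text) if opt in USER_ONLY]

def effective(system_text, user_text):
    """Simplified model: system-wide defaults minus user-only options,
    then overridden by one per-user ldaprc file (environment variables not modelled)."""
    settings = {o: v for _, o, v in parse(system_text) if o not in USER_ONLY}
    settings.update({o: v for _, o, v in parse(user_text)})
    return settings

# Constructed sample: a system-wide ldap.conf that tries to set a client certificate.
SYSTEM_CONF = """\
# system-wide ldap.conf (constructed sample)
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/certs/ca.pem
TLS_REQCERT demand
tls_cert /etc/ssl/client.pem
TLS_KEY /etc/ssl/private/client.key
"""

# Constructed sample: the same client certificate settings in a per-user ldaprc.
USER_RC = """\
# ~/.ldaprc (constructed sample)
TLS_CERT /home/alice/.ldap/client.pem
TLS_KEY /home/alice/.ldap/client.key
"""

if __name__ == "__main__":
    for lineno, opt in ignored_in_system_file(SYSTEM_CONF):
        print(f"line {lineno}: {opt} is user-only and is ignored here")
    print(effective(SYSTEM_CONF, USER_RC))
```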