--On Monday, October 5, 2020 1:58 AM +0000 Siddharth Jain siddjain@live.com wrote:
Is it necessary to specify both TLS_CACERT and TLS_CACERTDIR?
You use one or the other. The TLS_CACERT only takes a specific file. The TLS_CACERTDIR allows the usage of a directory of multiple CA files.
16.2.2.1. TLS_CACERT <filename>
This is equivalent to the server's TLSCACertificateFile option. As noted in the TLS Configuration section, a client typically may need to know about more CAs than a server, but otherwise the same considerations apply.
16.2.2.2. TLS_CACERTDIR <path>
This is equivalent to the server's TLSCACertificatePath option. The specified directory must be managed with the OpenSSL c_rehash utility as well. If using Mozilla NSS, <path> may contain a cert/key database.
The ldap.conf file uses one set of configuration parameter names; the slapd configuration uses a different set of configuration parameter names.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
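
A client-side check for the two options discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: it reads an ldap.conf-style file and reports whether TLS_CACERT names a readable file, or TLS_CACERTDIR names a directory that actually contains c_rehash-style hash links. The function names are hypothetical, and it assumes an OpenSSL-based client (an NSS database directory would be reported as lacking hash links) and paths without spaces.

```shell
#!/bin/sh
# Added example: audit the CA settings in an ldap.conf-style file.
# Function names are hypothetical; this is not OpenLDAP code.

# has_hash_links DIR -> 0 if DIR holds at least one c_rehash-style name
# (8 hex digits, a dot, a sequence number, e.g. the constructed 9d66eef0.0).
has_hash_links() {
    for f in "$1"/*; do
        case ${f##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                [ -e "$f" ] && return 0 ;;   # -e also rejects dangling symlinks
        esac
    done
    return 1
}

# audit_ldap_conf FILE -> prints one finding per CA option; returns 0 only if
# at least one of TLS_CACERT / TLS_CACERTDIR is set and every one set is usable.
audit_ldap_conf() {
    conf=$1 rc=0 seen=0
    while read -r key val _; do
        case $key in ''|'#'*) continue ;; esac          # skip blanks and comments
        # ldap.conf option names are case-insensitive
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $key in
            TLS_CACERT)                                  # one specific file
                seen=1
                if [ -f "$val" ] && [ -r "$val" ]; then echo "ok: TLS_CACERT $val"
                else echo "bad: TLS_CACERT $val is not a readable file"; rc=1; fi ;;
            TLS_CACERTDIR)                               # directory of CA files
                seen=1
                if [ ! -d "$val" ]; then
                    echo "bad: TLS_CACERTDIR $val is not a directory"; rc=1
                elif has_hash_links "$val"; then echo "ok: TLS_CACERTDIR $val"
                else
                    echo "bad: TLS_CACERTDIR $val has no hash links; run c_rehash on it"; rc=1
                fi ;;
        esac
    done < "$conf"
    [ "$seen" -eq 1 ] || { echo "bad: no TLS_CACERT or TLS_CACERTDIR set"; rc=1; }
    return $rc
}
```

Run it as `audit_ldap_conf /path/to/ldap.conf`; a directory that holds only PEM files and no hash links is the case the c_rehash requirement quoted above is about.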