On Sat, Aug 06, 2016 at 07:14:37PM +0300, Matwey V. Kornilov wrote:
After inspecting source code I've just found that TLS_KEY and TLS_CERT are ignored if located in /etc/openldap/ldap.conf. Why does it not written in man ldap.conf(5) explicitly?
It is.
TLS_CERT <filename> Specifies the file that contains the client certificate. This is a user-only option.
[...]
TLS_KEY <filename> Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be protected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.
"User-only" is defined at the top of the page:
Some options are user-only. Such options are ignored if present in the ldap.conf (or file specified by LDAPCONF).