--On Thursday, December 19, 2024 9:05 AM +0000 Eric M em.job35@gmail.com wrote:
When I want to validate a TLS mutual authentication with ldapsearch -H ldaps://…, I get a "peer did not return certificate" error message. However, my /etc/openldap/ldap.conf (with r options) is configured with TLS options (certificate, CA, key, tls_verifyclient=demand, …). I have no .ldaprc, LDAPRC, or LDAPCONF environment variable. When I use ldapsearch -H ldaps://… with options like -o cert -o key -o cafile, it is OK. I don't understand why my ldap.conf is not read.
I will again refer you to the ldap.conf man page, which explicitly notes that the TLS mutual auth options (TLS_CERT, TLS_KEY) are USER ONLY options, which means you cannot set them via a global ldap.conf file.
Regards, Quanah
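The practical consequence of the "user-only" distinction is easy to check for mechanically. The following POSIX shell script is an added example, not part of the thread and not OpenLDAP project code: it scans a global ldap.conf for TLS_CERT / TLS_KEY lines (which libldap ignores there, exactly the symptom described above) and copies them into a per-user .ldaprc, which libldap does honour. The sample ldap.conf, its paths and hostnames are constructed for the demonstration; the only options it treats as user-only are the two the ldap.conf(5) man page marks as such.

```shell
#!/bin/sh
# Added example, not from the thread or the OpenLDAP project.
# TLS_CERT and TLS_KEY are "user-only" options in ldap.conf(5): libldap
# applies them from ~/.ldaprc (or the file named by $LDAPRC / $LDAPCONF)
# but silently ignores them in the system-wide /etc/openldap/ldap.conf.
# That is why a client certificate configured only in the global file
# produces "peer did not return certificate".

# User-only TLS options this check looks for (per ldap.conf(5)).
USER_ONLY_TLS_OPTS='TLS_CERT TLS_KEY'

# find_user_only_opts FILE
# Print each user-only TLS option that appears uncommented in FILE, one
# per line. Exit status 1 if any was found (misconfigured), 0 if none.
find_user_only_opts() {
    f=$1
    found=0
    for opt in $USER_ONLY_TLS_OPTS; do
        # Keywords are case-insensitive; a leading '#' means commented out.
        if grep -Eiq "^[[:space:]]*${opt}[[:space:]]" "$f"; then
            echo "$opt"
            found=1
        fi
    done
    return $found
}

# write_ldaprc GLOBAL_CONF LDAPRC
# Copy the TLS_CERT / TLS_KEY lines from GLOBAL_CONF into LDAPRC, where
# libldap will apply them. Existing LDAPRC content is kept. The file is
# created with mode 0600 because it names the client's private key path.
write_ldaprc() {
    global=$1
    rc=$2
    (
        umask 077
        {
            [ -f "$rc" ] && cat "$rc"
            grep -Ei "^[[:space:]]*(TLS_CERT|TLS_KEY)[[:space:]]" "$global"
        } > "$rc.tmp" && mv "$rc.tmp" "$rc"
    )
}

# Demonstration on a constructed ldap.conf (paths and hostnames made up).
demo() {
    d=$(mktemp -d)
    cat > "$d/ldap.conf" <<'EOF'
# constructed sample of a global /etc/openldap/ldap.conf
BASE        dc=example,dc=com
URI         ldaps://ldap.example.com
TLS_CACERT  /etc/openldap/certs/ca.pem
TLS_REQCERT demand
TLS_CERT    /etc/openldap/certs/client.pem
TLS_KEY     /etc/openldap/certs/client.key
EOF
    if misplaced=$(find_user_only_opts "$d/ldap.conf"); then
        echo "no user-only TLS options in $d/ldap.conf"
    else
        echo "ignored in global ldap.conf (user-only options):"
        echo "$misplaced" | sed 's/^/  /'
        write_ldaprc "$d/ldap.conf" "$d/.ldaprc"
        echo "written to $d/.ldaprc (mode 0600):"
        sed 's/^/  /' "$d/.ldaprc"
    fi
    rm -rf "$d"
}

demo
```

Run it as a normal user and it prints the two misplaced options, then the generated .ldaprc. TLS_CACERT and TLS_REQCERT are deliberately left in the global file: those are valid there and apply to every user. If you would rather not keep a per-user file at all, recent OpenLDAP releases also accept the same settings on the ldapsearch command line as `-o tls_cert=<file> -o tls_key=<file>`; the exact option spellings and the minimum version are an assumption here, so confirm them against the ldapsearch(1) man page of the release you run.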