On Wed, 30 Apr 2014, Andrew D. Arenson wrote:
I found the previous post of someone else who faced
the same problem I'm encountering, but I did not see a posted
In /etc/openldap/ldap.conf, TLS_REQCERT is set to 'allow'.
I would like to leave this setting, but override it for a
specific invocation of ldapsearch. I have attempted to do so by
setting TLS_REQCERT in ~/.ldaprc and be setting the LDAPTLS_REQCERT
environment variable. Neither has worked.
Interestingly, I _HAVE_ found that I can override TLS_CACERTDIR
in either of those locations.
Is this a bug?
Insufficient detail. Works for me with a local build of 2.4.35 and
setting LDAPTLS_REQCERT to 'allow' on the command-line, ala:
LDAPTLS_REQCERT=allow ldapsearch -H ldaps://127.0.0.1 -x
in the system ldap.conf. It also worked as expected with 'allow' in then
ldap.conf and 'demand' in the env-var.