On Aug 06, 2016, at 12.14, Matwey V. Kornilov matwey.kornilov@gmail.com wrote:
After inspecting the source code I've just found that TLS_KEY and TLS_CERT are ignored if located in /etc/openldap/ldap.conf. Why is it not written in man ldap.conf(5) explicitly?
From ldap.conf(5):
TLS_CERT <filename> Specifies the file that contains the client certificate. This is a user-only option.
TLS_KEY <filename> Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be protected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.
Both settings clearly state "This is a user-only option".
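An added example, not part of the original thread and not OpenLDAP code: a small check that flags the two user-only options quoted above when they appear in a system-wide file, and tests whether a key file is accessible to group or other, since the man page says the key cannot be password-protected. The sample configuration, its paths and all function names are constructed for illustration.

```python
import os
import stat

# Options the quoted ldap.conf(5) excerpt marks "This is a user-only option".
USER_ONLY = {"TLS_CERT", "TLS_KEY"}


def parse_options(text):
    """Yield (line_number, OPTION, value) for each setting in ldap.conf-style text."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # Option names are case-insensitive, so normalise before comparing.
        yield lineno, parts[0].upper(), value


def ignored_in_system_file(text):
    """Return the user-only settings found in the text of a system-wide file."""
    return [(n, opt, val) for n, opt, val in parse_options(text) if opt in USER_ONLY]


def key_open_to_others(path):
    """True if the key file grants any permission bit to group or other."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample standing in for /etc/openldap/ldap.conf.
SAMPLE_SYSTEM_CONF = """\
# system-wide client defaults (constructed sample)
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/ca.pem
tls_cert /etc/ssl/client.pem
TLS_KEY  /etc/ssl/client.key
"""

if __name__ == "__main__":
    for n, opt, val in ignored_in_system_file(SAMPLE_SYSTEM_CONF):
        print(f"line {n}: {opt} {val} is user-only and is ignored in this file")
```

Per ldap.conf(5), user-only options are read from the per-user `ldaprc` / `.ldaprc` files, so a finding from this check means the setting has to move there.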