On Jan 7, 2025, at 4:37 AM, Eric M em.job35@gmail.com wrote:
I do not completely agree with your answer. What I want to achieve is a client-server connection with ldapsearch using mutual TLS authentication.
```
# Begin test:
env LDAPTLS_CERT=/etc/ldap/foo1.crt LDAPTLS_KEY=/etc/ldap/foo1.pem LDAPTLS_CACERT=/etc/ldap/ca.crt ldapsearch -Y EXTERNAL -H ldap://hostname -b dc=example,dc=com '(objectclass=*)' -ZZ
```

— Shawn
These are two servers, one of which is considered a client, with the LDAP tools (ldapsearch) installed. As indicated in my answers, this works when using an ldaprc file in the $CWD or when specifying the TLS options of the client server with -O options, but I can't understand why the information from the LDAP.conf file is not taken into account in this case. My server is a client. You specify that the certificate information in the LDAP.conf file consists of user-only options. Yes, this is specified in the ldap.conf manpage. This doesn't simplify the processing.
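The behaviour Eric is running into follows from the lookup order in ldap.conf(5): the system-wide file is read first, then $HOME/ldaprc, $HOME/.ldaprc and ./ldaprc, then the LDAP<KEYWORD> environment variables, with later sources overriding earlier ones; and TLS_CERT/TLS_KEY are "user-only", so the system-wide file is not consulted for them at all. The script below is an added example, not code from the thread or from OpenLDAP: it emulates that precedence on a scratch directory so the effect can be reproduced offline without an LDAP server, writes the per-user ~/.ldaprc that fixes the problem, and prints the mutual-TLS ldapsearch invocation from Shawn's reply. All paths and option values are constructed for the demonstration, the USER_ONLY_OPTS list is an assumption limited to the two keywords discussed here, and extra user files named through $LDAPRC are left out.

```bash
#!/usr/bin/env bash
# Added example for this thread (not the original mail's code, not OpenLDAP's).
# Emulates the client-configuration precedence of ldap.conf(5) so you can see
# why TLS_CERT/TLS_KEY in the system-wide ldap.conf are ignored by ldapsearch
# while the same keywords in ~/.ldaprc, ./ldaprc or LDAPTLS_* are honoured.
# All paths and values are constructed for the demonstration.

# Keywords ldap.conf(5) marks "user-only": honoured in user files and in the
# environment, ignored in the system-wide file.  Assumption: the list is kept
# to the two keywords this thread is about.
USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# read_opt FILE KEYWORD: print the last value of KEYWORD in FILE, or nothing.
# Unreadable files are ignored (as ldap.conf(5) says they are); '#' comment
# lines never match because the keyword must be the first field.
read_opt() {
  [ -r "$1" ] || return 0
  awk -v opt="$2" 'toupper($1) == opt { val = $2 } END { if (val != "") print val }' "$1"
}

# effective_opt KEYWORD SYSCONF HOMEDIR CWD: the value ldapsearch would end
# up with, reading sources in the documented order (system file, HOMEDIR/ldaprc,
# HOMEDIR/.ldaprc, CWD/ldaprc, then the LDAP<KEYWORD> environment variable);
# a later source overrides an earlier one.  Files named via $LDAPRC omitted.
effective_opt() {
  local opt=$1 sysconf=$2 homedir=$3 cwd=$4 val='' v f
  case " $USER_ONLY_OPTS " in
    *" $opt "*) ;;                                   # user-only: system file skipped
    *) v=$(read_opt "$sysconf" "$opt"); [ -n "$v" ] && val=$v ;;
  esac
  for f in "$homedir/ldaprc" "$homedir/.ldaprc" "$cwd/ldaprc"; do
    v=$(read_opt "$f" "$opt"); [ -n "$v" ] && val=$v
  done
  eval "v=\${LDAP$opt:-}"                             # e.g. LDAPTLS_CERT
  [ -n "$v" ] && val=$v
  printf '%s' "$val"
}

# write_user_ldaprc HOMEDIR CERT KEY CACERT: the usual fix, a per-user
# ~/.ldaprc carrying the user-only TLS keywords (mode 600: it names the key).
write_user_ldaprc() {
  printf 'TLS_CACERT %s\nTLS_CERT %s\nTLS_KEY %s\n' "$4" "$2" "$3" > "$1/.ldaprc"
  chmod 600 "$1/.ldaprc"
}

# mtls_search_argv HOST BASE: the ldapsearch command line for mutual TLS over
# StartTLS (-ZZ fails hard if StartTLS cannot be negotiated) with the client
# certificate supplying the SASL EXTERNAL identity.  Printed, not executed,
# so the script stays offline.
mtls_search_argv() {
  set -- ldapsearch -ZZ -Y EXTERNAL -H "ldap://$1" -b "$2" "'(objectclass=*)'"
  printf '%s\n' "$*"
}

# Walk-through on a scratch directory tree standing in for /etc, $HOME and $CWD.
demo() {
  local root; root=$(mktemp -d); mkdir -p "$root/home" "$root/cwd"
  printf 'TLS_CACERT /etc/ldap/ca.crt\nTLS_CERT /etc/ldap/foo1.crt\nTLS_KEY /etc/ldap/foo1.pem\n' > "$root/ldap.conf"
  echo "system ldap.conf only : TLS_CACERT=$(effective_opt TLS_CACERT "$root/ldap.conf" "$root/home" "$root/cwd") TLS_CERT='$(effective_opt TLS_CERT "$root/ldap.conf" "$root/home" "$root/cwd")'"
  write_user_ldaprc "$root/home" /etc/ldap/foo1.crt /etc/ldap/foo1.pem /etc/ldap/ca.crt
  echo "plus ~/.ldaprc        : TLS_CERT=$(effective_opt TLS_CERT "$root/ldap.conf" "$root/home" "$root/cwd")"
  LDAPTLS_CERT=/etc/ldap/other.crt; export LDAPTLS_CERT
  echo "plus LDAPTLS_CERT env : TLS_CERT=$(effective_opt TLS_CERT "$root/ldap.conf" "$root/home" "$root/cwd")"
  unset LDAPTLS_CERT
  mtls_search_argv hostname dc=example,dc=com
  rm -rf "$root"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `bash script.sh demo` to see the three stages: with only the system file present, TLS_CACERT resolves but TLS_CERT is empty; after ~/.ldaprc is written the certificate resolves; an exported LDAPTLS_CERT then overrides the file. Two practical caveats the emulation makes visible: the environment-variable route in Shawn's reply only works if the variables survive into the process that runs ldapsearch (sudo and cron strip them by default), and -ZZ requires an ldap:// URI, since it negotiates StartTLS on the plain port rather than using ldaps://.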