--On Saturday, July 20, 2019 8:43 PM +0100 Howard Chu <h...@symas.com> wrote:

As documented in slapd-ldap(5)

             The  TLS  settings  default  to  the  same as the main
             slapd TLS settings, except for tls_reqcert which defaults
             to "demand".

If that no longer works, then we have yet another regression.

I guess the underlying question is, if they aren't in slapd.conf, where do slapd clients (syncrepl, back-ldap, etc) get them from? For example, syncrepl is clearly designed to get at least one setting from ldap.conf:


The network-timeout parameter sets how long the consumer will wait to establish a network connection to the provider. Once a connection is established, the timeout parameter determines how long the consumer will wait for the initial Bind request to complete. The defaults for these parameters come from
             ldap.conf(5).

So is it supposed to be that the configuration levels are:

slapd client (syncrepl, back-ldap specific parameters)
override
slapd configuration (slapd.conf(5), slapd-config(5) parameters)

Or is it supposed to be:

slapd client (syncrepl, back-ldap specific parameters)
override
slapd configuration (slapd.conf(5), slapd-config(5) parameters)
override
ldap.conf(5)

If it's the former, then syncrepl should not pull anything from ldap.conf. If it's the latter, then we have a clear regression.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


Reply via email to