--On Saturday, July 20, 2019 8:43 PM +0100 Howard Chu <h...@symas.com> wrote:
As documented in slapd-ldap(5)
The TLS settings default to the same as the main
slapd TLS settings, except for tls_reqcert which defaults
to "demand".
If that no longer works, then we have yet another regression.
I guess the underlying question is, if they aren't in slapd.conf, where do
slapd clients (syncrepl, back-ldap, etc) get them from? For example,
syncrepl is clearly designed to get at least one setting from ldap.conf:
The network-timeout parameter sets how long the consumer
will
wait to establish a network connection to the provider. Once
a
connection is established, the timeout parameter determines
how
long the consumer will wait for the initial Bind request
to
complete. The defaults for these parameters come
from
ldap.conf(5).
So is it supposed to be that the configuration levels are:
slapd client (syncrepl, back-ldap specific parameters)
override
slapd configuration (slapd.conf(5), slapd-config(5) parameters)
Or is it supposed to be:
slapd client (syncrepl, back-ldap specific parameters)
override
slapd configuration (slapd.conf(5), slapd-config(5) parameters)
override
ldap.conf(5)
If it's the former, then syncrepl should not pull anything from ldap.conf.
If it's the latter, then we have a clear regression.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>