Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu <h...@symas.com> wrote:
> 
>>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu <h...@symas.com>
>>> wrote:
>>>
>>>> The behavior is supposed to be exactly as specified in the manpages.
>>>>
>>>
>> A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP
>> client.
> 
> 
> Now you are providing conflicting answers.  The man page for back-ldap makes 
> zero reference to ldap.conf(5).  It only mentions slapd.conf(5).  The syncrepl
> section of slapd.conf(5)/slapd-config(5) only mention the network-timeout 
> value being pulled in from ldap.conf(5).  So which is it? Do they follow the 
> man page
> behaviors (which would mean no ldap.conf(5) for slapd-ldap, and only 
> network-timeout for syncrepl), or do they violate the man page description?

As I already said: there is no reason for the syncrepl consumer and back-ldap 
to behave identically. The manpages are correct in each case.

> 
> 
> Generally, it seems to me we at the least have a documentation bug, in that 
> back-ldap(5) and the syncrepl section of slapd.conf(5)/slapd-config(5) should 
> note
> that they will rely on ldap.conf(5) in the absence of TLS (and possibly other 
> paremters) if they are not found in slapd.conf(5).
> 
> Additionaly, what should we do about ITS#8427? It was clearly fixing a valid 
> bug.  Do we revert it?  Do we fix the behavior so it fixes the bug reported, 
> but
> does not introduce a regression?

It sounds like the behavior with OpenSSL is currently correct, and currently 
broken on GnuTLS.
> 
> And we need to know the answer to that and have a fix in rather quickly.
> 
> --Quanah
> 
> 
> -- 
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Reply via email to