Quanah Gibson-Mount wrote: > --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu <h...@symas.com> wrote: > >>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu <h...@symas.com> >>> wrote: >>> >>>> The behavior is supposed to be exactly as specified in the manpages. >>>> >>> >> A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP >> client. > > > Now you are providing conflicting answers. The man page for back-ldap makes > zero reference to ldap.conf(5). It only mentions slapd.conf(5). The syncrepl > section of slapd.conf(5)/slapd-config(5) only mention the network-timeout > value being pulled in from ldap.conf(5). So which is it? Do they follow the > man page > behaviors (which would mean no ldap.conf(5) for slapd-ldap, and only > network-timeout for syncrepl), or do they violate the man page description?
As I already said: there is no reason for the syncrepl consumer and back-ldap to behave identically. The manpages are correct in each case. > > > Generally, it seems to me we at the least have a documentation bug, in that > back-ldap(5) and the syncrepl section of slapd.conf(5)/slapd-config(5) should > note > that they will rely on ldap.conf(5) in the absence of TLS (and possibly other > paremters) if they are not found in slapd.conf(5). > > Additionaly, what should we do about ITS#8427? It was clearly fixing a valid > bug. Do we revert it? Do we fix the behavior so it fixes the bug reported, > but > does not introduce a regression? It sounds like the behavior with OpenSSL is currently correct, and currently broken on GnuTLS. > > And we need to know the answer to that and have a fix in rather quickly. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/