--On Monday, January 6, 2025 6:20 PM +0000 Eric M <em.jo...@gmail.com> wrote:

> The ldap.conf(5) manpage specifies:
>
> The ldap.conf configuration file is used to set system-wide defaults to
> be applied when running ldap clients.
> Users may create an optional configuration file, ldaprc or
> .ldaprc, in their home directory which will be used to override
> the system-wide defaults file. The file ldaprc in the
> current working directory is also used.

I've already quoted this to you previously, but you've left it out here, so
I'll quote it again:

"Some options are user-only. Such options are ignored if present in the
ldap.conf (or file specified by LDAPCONF)."

You've been told multiple different ways to configure client cert auth,
you've failed to demonstrate you've paid attention to any of it,
repeatedly.

You've generally failed to specify how your server<->server TLS client auth
would be occurring. For example, with syncrepl, the syncrepl configuration
EXPLICITLY has the bits for configuring cert auth. Same for things like
back-ldap and back-meta.

For client<->server TLS auth, it depends on what the client is. For the
LDAP client tools (such as ldapsearch), you've been repeatedly told all the
different options you have at your disposal. Again, with ZERO indication
from you that you've followed any of the options.

--Quanah
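
Added example (not from the thread or from the OpenLDAP project): a shell check for the user-only rule quoted above, applied to `TLS_CERT` and `TLS_KEY`, which ldap.conf(5) marks as user-only. The function names, the sample file contents and the paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example. TLS_CERT and TLS_KEY are marked user-only in ldap.conf(5);
# function names and the sample file below are constructed for illustration.

# find_user_only FILE: print "LINE:OPTION" for each TLS_CERT / TLS_KEY line.
find_user_only() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            opt = toupper($1)              # catch lower-case spellings too
            if (opt == "TLS_CERT" || opt == "TLS_KEY")
                printf "%d:%s\n", NR, opt
        }
    ' "$1"
}

# has_client_cert FILE: succeed only if FILE sets both TLS_CERT and TLS_KEY.
# Meaningful for a per-user ldaprc/.ldaprc, where these options are honoured.
has_client_cert() {
    found=$(find_user_only "$1" | cut -d: -f2 | sort -u | tr '\n' ' ')
    [ "$found" = "TLS_CERT TLS_KEY " ]
}

# Constructed sample of a system-wide ldap.conf that tries to set a client cert.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, system-wide ldap.conf
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/certs/ca.pem
TLS_CERT /etc/ssl/client.pem
tls_key /etc/ssl/client.key
EOF

# In the system-wide file these lines are ignored, so report them.
find_user_only "$sample" | while IFS=: read -r line opt; do
    echo "line $line: $opt is user-only, ignored in ldap.conf; move it to ~/.ldaprc"
done
rm -f "$sample"
```

Run `find_user_only` against the system-wide file to see which lines have no effect, and `has_client_cert` against the per-user file to confirm both halves of the client credential are set there.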