Eric M wrote:
> I do not completely agree with your answer.
> What I want to achieve is a client server connection with ldapsearch with
> mutual TLS authentication. These are two servers, one of which is considered
> a client with the ldap tools (ldapsearch) installed. As indicated in my
> answers, this works when using an ldaprc file in the $CWD or when specifying
> the TLS options of the client server with -O options but I can't understand
> why the information from the LDAP.conf file is not taken into account in this
> case. My server is a client. You specify that the certificate information in
> the LDAP.conf file is user-only options. Yes, this is specified in the
> ldap.conf manpage. This doesn't simplify the processing.
>

ldap.conf is for system-wide configuration. Security credentials should not be system-wide.

You've been told how to achieve the configuration you want, using ldaprc. That should be enough. This thread has wasted enough time.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
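An added check, not part of the original message and not OpenLDAP's own tooling: it flags the client certificate options (`TLS_CERT`, `TLS_KEY`) that ldap.conf(5) marks as user-only when they appear in a system-wide file, where they are ignored. The function names, sample file, hostname and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: find user-only client-credential options in a system-wide
# ldap.conf. Only TLS_CERT and TLS_KEY are checked, the certificate options
# this thread is about.

# Print "OPTION line-number" for each user-only TLS option in file $1.
ignored_tls_opts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            opt = toupper($1)                # option names are case-insensitive
            if (opt == "TLS_CERT" || opt == "TLS_KEY")
                print opt, NR
        }
    ' "$1"
}

# Constructed sample of a system-wide file; every value is a placeholder.
demo_conf() {
    cat <<'EOF'
# system-wide client defaults (constructed sample)
URI         ldaps://ldap.example.test
TLS_CACERT  /etc/ssl/example/ca.pem
tls_cert    /etc/ssl/example/client.pem
TLS_KEY     /etc/ssl/example/client.key
#TLS_KEY    /etc/ssl/example/old.key
EOF
}

# Run the check over the sample. Flagged lines belong in a per-user file
# instead: ldaprc in $CWD or ~/.ldaprc, readable only by that user.
run_demo() {
    tmp=$(mktemp) || return 1
    demo_conf > "$tmp"
    ignored_tls_opts "$tmp"
    rm -f "$tmp"
}

run_demo
```

`TLS_CACERT` is not flagged: the trust anchor is not a credential and is honored system-wide.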