Hi Willam, >> >> Thanks, here is the github ticket: >> https://github.com/389ds/389-ds-base/issues/4460 >> > > No problem. We've just merged the fix and backported it. I don't know when it > will ship in RHEL/CentOS, but I'm sure it will be soon in an upcoming update. Well i usually do not use rpms - we compile from git sources, i used them only to make a demo of the problem. Thanks for the commit, i have tested the fix. It resolves a half of the problem - indeed the TLS_REQCERT is now taken into account from /etc/openldap/ldap.conf. But the certificate bundle part (TLS_CACERT parameter or system bundle in its ansence) is still not taken into account. TLS_CACERT works correctly in dsconf 1.4.2 (and ldapsearch). Regards, Andrey _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
