Howard Chu wrote:
>>> My thinking is that this somehow has something to do with the
>>> TLS_CACERT in /etc/openldap/ldap.conf (the certificate for the client).
>>
>> In general most folk don't need client certs, but AFAIK the openldap
>> ldapsearch _requires_ that you present a client cert.
>
> Wrong. Client certs are only needed if you want to do
> certificate-based client authentication, and the default settings do
> not require them.

That's good to know. I remember spending a few days trying to persuade
OL to do a non-cert-based-auth connection and ultimately failing, but
I'm pleased to hear that it can.

> Of course, the TLS_CACERT directive, as the name suggests, is for
> setting the path to the CA cert, and by default it *is* required. I
> think your terminology is imprecise here, so that may be confusing the
> issue.

Yes, I was reading the OP's description: 'certificate for the client',
and not the config directive name which as you point out was actually
for the CA cert.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
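
The distinction drawn in the thread, CA trust for verifying the server versus a certificate identifying the client, as an added example that is not part of the original messages. The option names are those documented in ldap.conf(5); the sample files, finding labels and function names are constructed for illustration.

```python
# Added example: classify the TLS options of an OpenLDAP client ldap.conf.
# Option names come from ldap.conf(5); sample inputs below are constructed.
TRUST = ("TLS_CACERT", "TLS_CACERTDIR")  # CA certs used to verify the *server*
IDENTITY = ("TLS_CERT", "TLS_KEY")       # the client's own cert and key
                                         # (user-only options per ldap.conf(5))

def parse(text):
    """Return {OPTION: value} from ldap.conf text, skipping comments/blanks."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Option names are case-insensitive, so normalise them.
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Separate server-verification trust from client identity settings."""
    opts = parse(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if level == "hard":
        level = "demand"                               # documented synonym
    have_ca = any(k in opts for k in TRUST)
    present = [k for k in IDENTITY if k in opts]
    findings = []
    if level in ("never", "allow"):
        # A missing or bad server certificate does not stop the session.
        findings.append("server-cert-not-enforced")
    elif not have_ca:
        # The server cert must verify, but this file names no CA to check it with.
        findings.append("verification-required-but-no-ca-here")
    if len(present) == 1:
        # Certificate-based client auth needs both the cert and its key.
        findings.append("client-cert-incomplete")
    return {"reqcert": level, "ca_configured": have_ca,
            "client_cert": len(present) == 2, "findings": findings}

# Constructed samples (hypothetical host and paths).
CA_ONLY = "URI ldaps://ldap.example.com\nTLS_CACERT /etc/openldap/cacerts/ca.pem\n"
NO_VERIFY = "URI ldaps://ldap.example.com\nTLS_REQCERT never\n"
NO_CA = "# no TLS options at all\nURI ldaps://ldap.example.com\n"
HALF_ID = "tls_cacert /etc/openldap/cacerts/ca.pem\nTLS_CERT /home/u/client.pem\n"

if __name__ == "__main__":
    for name in ("CA_ONLY", "NO_VERIFY", "NO_CA", "HALF_ID"):
        print(name, audit(globals()[name]))
```

`CA_ONLY` is the ordinary case the thread converges on: a CA certificate to verify the server and no client certificate, which produces no findings.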