2016-08-06 20:03 GMT+03:00 Ryan Tandy <r...@nardis.ca>:
> On Sat, Aug 06, 2016 at 07:14:37PM +0300, Matwey V. Kornilov wrote:
>>
>> After inspecting source code I've just found that TLS_KEY and TLS_CERT
>> are ignored if located in /etc/openldap/ldap.conf.
>> Why is it not written in man ldap.conf(5) explicitly?
>
>
> It is.
>
> TLS_CERT <filename>
> Specifies the file that contains the client certificate. This
> is a user-only option.
>
> [...]
>
> TLS_KEY <filename>
> Specifies the file that contains the private key that matches
> the certificate stored in the TLS_CERT file. Currently, the private key must
> not be protected with a password, so it is of critical importance that
> the key file is protected carefully. This is a user-only
> option.
>
> "User-only" is defined at the top of the page:
>
> Some options are user-only. Such options are ignored if present in
> the ldap.conf (or file specified by LDAPCONF).

However, I'll prepare a patch issuing a warning in
openldap_ldap_init_w_conf. Don't you mind?

--
With best regards,
Matwey V. Kornilov
http://blog.matwey.name
xmpp://0x2...@jabber.ru
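
An added example, not part of the original message and not OpenLDAP code: a small audit script that reports user-only options found in a system-wide ldap.conf, where the man page excerpt quoted above says they are ignored. The function names and the sample file are constructed for illustration, and the option set is limited to the two options named in the thread.

```python
import io

# User-only options named in this thread. ldap.conf(5) marks each such
# option with "This is a user-only option"; extend the set as needed.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

# Constructed sample of a system-wide ldap.conf (not taken from the thread).
SAMPLE = """\
# system-wide client defaults
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/ca.pem
tls_cert /etc/openldap/client.pem
TLS_KEY   /etc/openldap/client.key
#TLS_KEY /old/path/client.key
"""


def find_ignored_options(lines, user_only=USER_ONLY):
    """Return (line_no, option, value) for every user-only option present.

    `lines` is an iterable of text lines from ldap.conf or the file named
    by LDAPCONF. Option names are matched case-insensitively.
    """
    hits = []
    for line_no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        option = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if option in user_only:
            hits.append((line_no, option, value))
    return hits


def format_warnings(path, hits):
    """Render one warning line per hit, in file:line style."""
    return [
        f"{path}:{n}: {opt} is a user-only option and is ignored here "
        f"(configured value: {val})"
        for n, opt, val in hits
    ]


if __name__ == "__main__":
    found = find_ignored_options(io.StringIO(SAMPLE))
    print("\n".join(format_warnings("/etc/openldap/ldap.conf", found)))
```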