> On Jan 7, 2025, at 4:37 AM, Eric M <[email protected]> wrote:
>
> I do not completely agree with your answer.
> What I want to achieve is a client server connection with ldapsearch with
> mutual TLS authentication.
```
# Begin test:
env LDAPTLS_CERT=/etc/ldap/foo1.crt LDAPTLS_KEY=/etc/ldap/foo1.pem \
    LDAPTLS_CACERT=/etc/ldap/ca.crt \
    ldapsearch -Y EXTERNAL -H ldap://hostname -b dc=example,dc=com \
    '(objectclass=*)' -ZZ
```
—
Shawn
> These are two servers, one of which is considered a client with the ldap
> tools (ldapsearch) installed. As indicated in my answers, this works when
> using an ldaprc file in the $CWD or when specifying the TLS options of the
> client server with -O options but I can't understand why the information from
> the LDAP.conf file is not taken into account in this case. My server is a
> client. You specify that the certificate information in the LDAP.conf file is
> user-only options. Yes, this is specified in the ldap.conf manpage. This
> doesn't simplify the processing.
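
The user-only behaviour discussed in this thread can be checked mechanically. The script below is an added example, not part of the original messages: it lists settings in a system-wide ldap.conf that the client library will ignore there. The option list is taken from ldap.conf(5) and should be verified against the installed version; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Options that ldap.conf(5) documents as user-only: ignored in the
# system-wide ldap.conf, honoured in ~/.ldaprc, ./ldaprc or LDAP* env vars.
# (List is an assumption from the manpage; check your OpenLDAP version.)
USER_ONLY="BINDDN SASL_MECH SASL_REALM SASL_AUTHCID SASL_AUTHZID TLS_CERT TLS_KEY"

# Print "line:OPTION" for every user-only option set in the given file.
# Option names are matched case-insensitively.
find_user_only_opts() {
    awk -v list="$USER_ONLY" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) uo[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { opt = toupper($1); if (opt in uo) print NR ":" opt }
    ' "$1"
}

# Constructed sample of a system-wide file (paths reused from the thread).
sample_conf() {
    cat <<'EOF'
# /etc/ldap/ldap.conf (constructed sample)
URI ldap://hostname
TLS_CACERT /etc/ldap/ca.crt
TLS_CERT /etc/ldap/foo1.crt
tls_key /etc/ldap/foo1.pem
EOF
}

# Run the check against the constructed sample and print the findings.
check_sample() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    find_user_only_opts "$tmp"
    rm -f "$tmp"
}
```

Any line reported by `find_user_only_opts /etc/ldap/ldap.conf` belongs in a per-user ldaprc or in the matching `LDAPTLS_*` environment variable instead.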