Hi Willam,
>
> Thanks, here is the github ticket:
>
https://github.com/389ds/389-ds-base/issues/4460
>
No problem. We've just merged the fix and backported it. I don't know when it
will ship in RHEL/CentOS, but I'm sure it will be soon in an upcoming update.
Well i usually do not use rpms - we compile from git sources, i used them only to
make a demo of the problem.
Thanks for the commit, i have tested the fix. It resolves a half of the problem - indeed
the TLS_REQCERT is now taken into account from /etc/openldap/ldap.conf. But the
certificate bundle part (TLS_CACERT parameter or system bundle in its ansence) is still
not taken into account. TLS_CACERT works correctly in dsconf 1.4.2 (and ldapsearch).
Regards,
Andrey