On 26 Nov 2020, at 01:16, Ivanov Andrey (M.)
<andrey.ivanov(a)polytechnique.fr> wrote:
Hi,
>> But all in all i think i start to see where the problem comes from. dsconf
>> version 1.4.2 uses /etc/openldap/ldap.conf (which in turn uses system pem
>> bundle if no TLS_CACERT is specified) for certs/CA. Starting from 1.4.3 dsconf
>> ignores completely /etc/openldap/ldap.conf file and pays attention only to its
>> own .dsrc file. It explains everything that i see. It's a bit pity that
there
>> is no global section in .dsrc like in /etc/openldap/ldap.conf - one needs to
>> create a section per ldap server, often with the same parameters.
>
> Well, it should be respecting the value from /etc/openldap/ldap.conf I think so
> this seems like a fault ... Can you open an issue for this on github?
>
>
https://github.com/389ds/389-ds-base
Thanks, here is the github ticket:
https://github.com/389ds/389-ds-base/issues/4460
No problem. We've just merged the fix and backported it. I don't know when it will
ship in RHEL/CentOS, but I'm sure it will be soon in an upcoming update.
Thanks for reporting the problem!
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia