F28 System Wide Change: OpenLDAP defaults to use only Shared System Certificates

= System Wide Change: OpenLDAP defaults to use only Shared System Certificates = https://fedoraproject.org/wiki/Changes/OpenLDAPdefaultSharedSystemCertifi... Change owner(s): * Matus Honek <mhonek AT redhat DOT com> In order to go forward with adoption of SharedSystemCertificates [1] after this change OpenLDAP clients and server will default to use only the system-wide certificates store. == Detailed Description == Currently, OpenLDAP defaults to trust CA certificates located in /etc/openldap/certs. In order to comply with SharedSystemCertificates [1] we will remove the default explicit configuration options that point to /etc/openldap/certs. Therefore, OpenLDAP will let its crypto library (OpenSSL) load the default CA certificates as described in the SharedSystemCertificates [1] description. For a convenience, where possible, configuration files will contain a commentary with an explanation of the new behaviour. == Scope == * Proposal owners: change of default shipped configuration. * Other developers: check your application trusts whom you want it to trust * Release engineering: https://pagure.io/releng/issue/7252 * List of deliverables: N/A * Policies and guidelines: None. * Trademark approval: None. (not needed for this Change). [1] https://fedoraproject.org/wiki/Features/SharedSystemCertificates -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic