Hi, Quoting Erwan David (er...@rail.eu.org): > I have a /etc/ldap/ldap.conf defining TLS_CACERT Despite the fact my > CA is in TLS_CACERT ldapvi refuses TLS connexion to my server. A > strace on ldapvi shows it does not opne ldap.conf nor .ldaprc, > contrray to the documentation.
Well, here is what the documentation says: | Files and profiles. On startup, ldapvi will first look for | ~/.ldapvirc, or /etc/ldapvi.conf if the former does not exist. | | * If --profile name is specified at the command line, one of these | configuration files must exist and it must contain the named | profile. Otherwise ldapvi quits with an error. | | * If no --profile was given, ldapvi looks for a profile called | default. If no such profile can be found or the files do not | exist, ldapvi falls back to libldap configuration files. | | * By default, if a profile is used, it suppresses loading of the | libldap configuration files /etc/ldap.conf and ~/.ldaprc. If you | want these files to take effect anyway, you can set ldaprc: yes in | the profile. | [This last bullet point has a typo: The option is called ldap-conf.] So what seems to happen is that Debian installs an /etc/ldapvi.conf, overriding /etc/ldap.conf. If Debian included ldap-conf: yes in its file, this behaviour should change. The workaround is to either remove /etc/ldapvi.conf, or to create a file ~/.ldapvirc for each user, and add the same option as mentioned above: profile default ldap-conf: yes This way ~/.ldapvirc would override /etc/ldapvi.conf, and cancel out the fact that the latter tried to override /etc/ldap.conf. d. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
