--On Monday, October 5, 2020 1:58 AM +0000 Siddharth Jain <[email protected]> wrote:
> Is it necessary to specify both TLS_CACERT and TLS_CACERTDIR?
You use one or the other. The TLS_CACERT only takes a specific file. The TLS_CACERTDIR allows the usage of a directory of multiple CA files.
16.2.2.1. TLS_CACERT <filename>

This is equivalent to the server's TLSCACertificateFile option. As noted in the TLS Configuration section, a client typically may need to know about more CAs than a server, but otherwise the same considerations apply.

16.2.2.2. TLS_CACERTDIR <path>

This is equivalent to the server's TLSCACertificatePath option. The specified directory must be managed with the OpenSSL c_rehash utility as well. If using Mozilla NSS, <path> may contain a cert/key database.
The ldap.conf file uses one set of configuration parameter names; the slapd configuration uses a different set of configuration parameter names.
--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
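Added example, not part of the original message and not OpenLDAP or OpenSSL code: a check for the requirement quoted above that a TLS_CACERTDIR directory be managed with c_rehash. It lists certificate files that no `<8 hex digits>.<n>` link points to; the function names are assumptions, and only link presence is checked, not the hash value.

```shell
#!/bin/sh
# Added example: find PEM certificates in a TLS_CACERTDIR-style directory
# that no c_rehash-style link (<8 hex digits>.<n>) points to.
# Usage: unhashed_certs DIR

# Succeeds if the file name looks like an OpenSSL hash link, e.g. 0a1b2c3d.0
is_hash_name() {
    _n=${1##*/}
    _h=${_n%%.*}
    _s=${_n#*.}
    [ "$_n" != "$_h" ] || return 1              # no dot in the name
    [ "${#_h}" -eq 8 ] || return 1              # hash part is 8 characters
    case $_h in *[!0-9a-f]*) return 1 ;; esac   # lowercase hex only
    case $_s in ''|*[!0-9]*) return 1 ;; esac   # numeric suffix only
    return 0
}

# Prints the name of every certificate file in DIR that has no hash link.
# Returns 0 if every certificate is linked, 1 if any is not, 2 if DIR is bad.
unhashed_certs() {
    _dir=$1
    [ -d "$_dir" ] || { echo "not a directory: $_dir" >&2; return 2; }
    _missing=0
    for _f in "$_dir"/*; do
        # Only real files that contain a PEM certificate are candidates.
        [ -f "$_f" ] && [ ! -L "$_f" ] || continue
        is_hash_name "$_f" && continue
        grep -q -e '-----BEGIN CERTIFICATE-----' "$_f" 2>/dev/null || continue
        _found=0
        for _l in "$_dir"/*; do
            is_hash_name "$_l" || continue
            # -ef is true when both names resolve to the same file
            # (symbolic or hard link); a plain copy is not detected.
            if [ "$_l" -ef "$_f" ]; then _found=1; break; fi
        done
        if [ "$_found" -eq 0 ]; then
            echo "${_f##*/}"
            _missing=1
        fi
    done
    return "$_missing"
}
```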
