Bug 1426177
Summary: | ldapsearch fails to use system CA trust database | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Aleksandar Kostadinov <akostadi> |
Component: | openldap | Assignee: | Matus Honek <mhonek> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 24 | CC: | mhonek, rmeggins |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-07 10:18:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Aleksandar Kostadinov
2017-02-23 11:34:08 UTC
It turns out default configuration is not working well for users. If I put this in ldap.conf: > TLS_CACERT /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Then things start to be working fine. The default option is: > TLS_CACERTDIR /etc/openldap/certs And that dir by default is empty. I think it makes more sense to update the default to the system CA trust store. Thanks for reporting this. However, the change of default CA certificate path is proposed in bug 1270678. Thus, I am closing this as a DUPLICATE. *** This bug has been marked as a duplicate of bug 1270678 *** |