Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates
Andras Korn
korn-debbugs at elan.rulez.org
Wed Jan 13 12:44:07 GMT 2021
On Tue, Jan 12, 2021 at 10:47:22AM -0800, Ryan Tandy wrote:
> > On 2021-01-12 Andras Korn <korn-debbugs at elan.rulez.org> wrote:
> > > I think I shouldn't need to specify `ldap_tls_cacert =
> > > /etc/ssl/certs/ca-certificates.crt` when using a Debian package, since
> > > this is the default location of trusted CA certificates in Debian.
> > > Configuration should only be necessary for non-default setups.
>
> The libldap-common package ships a default /etc/ldap/ldap.conf which
> contains exactly this default TLS_CACERT value. It should be picked up
> automatically by programs using the library. If sssd does something to
> override that, I don't think libldap can be blamed.
OK, looking further, part of the problem is that I didn't have
libldap-common installed, thus no /etc/ldap/ldap.conf.
Since this (and the accompanying manpage) is all that libldap-common
contains: what's the rationale for having these in a separate package?
The libldap package only Recommends libldap-common (which is why I didn't
have it); however, it is libldap-common that enables the sensible defaults.
Why shouldn't libldap come with the sensible defaults itself?
AndrĂ¡s
--
For Sale: parachute, used once, never opened, small stain.
More information about the Pkg-openldap-devel
mailing list