On (27/03/20 16:12), Arnau Bria wrote:
Hi all,
something I've found is that the openldap behaviour I've described really depends on the openldap version. With versions older than 2.4.44-15 (in SL) openldap only knows about Mozilla DB, whereas in newer versions it falls back to OpenSSL and openldap then reads the certificates from the PKI store. IOW, with newer openldap there's no need to create the Mozilla DB.
Yes, it depends on which crypto was used in openldap.
CentOS 7 and old versions of Fedora were compiled with NSS; later versions moved to OpenSSL, but some distributions have some compatibility with NSS (converting NSS on the fly to a format which works with OpenSSL). That compatibility was removed in Fedora 29, and thus newer versions support just OpenSSL.
LS