Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl
Bug Description:
Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL),
the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE,
need to specify path to PEM files.
Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx
Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'.
The default value is 'off', that prevent secure outgoing connection.
Fix Description:
Enable nsslapd-extract-pemfiles by default
Then when establishing an outgoing connection, if it is not using NSS crypto layer
and the pem files have been extracted then use the PEM files
https://pagure.io/389-ds-base/issue/49560
Reviewed by: mreynolds & mhonek
Platforms tested: RHEL 7.5
Flag Day: no
Doc impact: no
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
(cherry picked from commit 8304caec593b591558c9c18de9bcb6b2f23db5b6)