Hi
On 1/22/07, Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> Using port 636 (SSL) was an LDAP V2 hack, and was never an officially supported operation. TLS over port 389 is part of the LDAP v3 specifications, and is supported. Vendors doing start TLS are actually being LDAP v3 compliant. Vendors doing SSL over 636 are using an old non-standardized way of doing SSL.

The problem here is that as soon as the SSL box is checked, it uses port 636, but will issue a StartTLS command. This is why it fails.

> As noted by Kurt, you can force connections to use encryption, using the "security" statement. I'm not quite sure why you aren't figuring this out via the slapd.conf man page, it is pretty clear:

It may very well be clear for you, but for some reason I couldn't find it. I did though, as posted earlier. None of the OpenLDAP web pages actually describing TLS/SSL mention this security option, and it is referred to in another part of ldap, which has nothing to do with SSL :(
I wish I had talked to you earlier, you would have saved me several hours.

Regards
Jean-Yves
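
The mismatch discussed in this thread (a client that connects to port 636 but sends a StartTLS request instead of starting a TLS handshake) can be recognised from the first bytes the client sends. The following is an added example, not part of the original messages or of any OpenLDAP code; the function names and the sample byte strings are constructed for illustration.

```python
# Added illustration: classify the first bytes a client sends to an LDAP listener.
# All sample inputs are constructed, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)


def ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV using a short-form length (payload under 128 bytes)."""
    if len(payload) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(payload)]) + payload


def starttls_request(message_id: int = 1) -> bytes:
    """Build the cleartext LDAPMessage that carries a StartTLS ExtendedRequest."""
    name = ber(0x80, STARTTLS_OID)              # requestName [0] LDAPOID
    op = ber(0x77, name)                        # ExtendedRequest [APPLICATION 23]
    msg_id = ber(0x02, bytes([message_id]))     # messageID INTEGER (1..127 here)
    return ber(0x30, msg_id + op)               # LDAPMessage SEQUENCE


def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS handshake record apart from a cleartext LDAP message."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"                  # TLS record: handshake, version 3.x
    if data[:1] == b"\x30":                     # BER SEQUENCE: an LDAPMessage
        return "ldap-starttls" if STARTTLS_OID in data else "ldap-cleartext"
    return "unknown"


def diagnose(port: int, data: bytes) -> str:
    """Report whether the client's opening bytes match what the port expects."""
    kind = classify_first_bytes(data)
    if port == 636:                             # listener expects TLS immediately
        if kind == "tls-handshake":
            return "ok: implicit TLS"
        return f"mismatch: {kind} sent to a listener expecting a TLS handshake"
    if port == 389:                             # plain LDAP, optional StartTLS
        if kind == "ldap-starttls":
            return "ok: StartTLS upgrade requested"
        if kind == "ldap-cleartext":
            return "unencrypted: LDAP operation sent before any StartTLS"
        return f"mismatch: {kind} sent to a cleartext LDAP listener"
    return kind


if __name__ == "__main__":
    client_hello = b"\x16\x03\x01\x02\x00\x01"   # constructed start of a TLS record
    print(diagnose(636, starttls_request()))     # the failing client in this thread
    print(diagnose(636, client_hello))
    print(diagnose(389, starttls_request()))
```
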