I think I see what you are saying. The ldaps: is forcing the implied SSL, not startTLS. Thanks for making me think different.

So now I just need to switch back to ldap:// and make sure TLS is set up and sniff to make sure the traffic is encrypted.

Thanks

Sellers

On Dec 20, 2007, at 11:54 AM, Quanah Gibson-Mount wrote:
--On December 20, 2007 11:03:44 AM -0500 "Chris G. Sellers"
> which suggests that the connection could not be made on port 389 via TLS.
> I can't figure out how to tell the repl connection to send a certificate.
> Do I have to setup a user in LDAP with a cert? Do I put a client cert
> into the syncrepl section of the slapd.conf file on the slave? Please
You are confused. LDAPv3 startTLS is used to encrypt connections over port
389 (or other ports). The LDAPv2 HACK to do TLS over port 636 (ldaps://)
is the other way of doing SSL encryption. You are mixing these two very
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
Chris G. Sellers | NITLE Technology
734.661.2318 | firstname.lastname@example.org
AIM: imthewherd | GTalk: email@example.com
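
The sniffing check mentioned in this message can be scripted. The following is an added example, not part of the original thread: it classifies a connection from its first client-to-server payloads as ldaps:// (TLS from the first byte), StartTLS on an ldap:// connection, or cleartext LDAP. All function names and sample bytes are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation (RFC 4511)

def tlv(tag, value):
    """BER tag-length-value with a short-form length (value under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def _header(data, i):
    """Read one BER tag and length at offset i; return (tag, length, value_offset)."""
    tag, first = data[i], data[i + 1]
    if first < 0x80:
        return tag, first, i + 2
    n = first & 0x7F  # long form: the next n bytes hold the length
    return tag, int.from_bytes(data[i + 2:i + 2 + n], "big"), i + 2 + n

def ldap_op_tag(data):
    """Return the protocolOp tag of a cleartext LDAPMessage, or None if not LDAP."""
    try:
        tag, _, i = _header(data, 0)    # outer SEQUENCE
        tag2, n, j = _header(data, i)   # messageID INTEGER
        return data[j + n] if (tag, tag2) == (0x30, 0x02) else None
    except IndexError:
        return None

def is_tls_handshake(data):
    """TLS record header: content type 22 (handshake), major version 3."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def classify(client_payloads):
    """Verdict for one connection, given its client payloads in capture order."""
    if not client_payloads:
        return "unknown"
    first = client_payloads[0]
    if is_tls_handshake(first):
        return "ldaps"  # TLS from the first byte, nothing readable on the wire
    tag = ldap_op_tag(first)
    if tag is None:
        return "unknown"
    if tag == 0x77 and STARTTLS_OID in first:
        nxt = client_payloads[1:2]
        return "starttls" if nxt and is_tls_handshake(nxt[0]) else "starttls-incomplete"
    return "cleartext"  # e.g. BindRequest (0x60): DN and simple password are visible

# Constructed samples, not taken from a real capture.
CLIENT_HELLO = bytes.fromhex("160301002f010000")
SIMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
              + tlv(0x04, b"cn=repl,dc=example,dc=org") + tlv(0x80, b"secret")))
```

A "starttls" verdict only shows that the client began a TLS handshake after the upgrade request; a "cleartext" verdict on the replication link means the bind credentials crossed the wire readable.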