Andreas Hasenack writes:
URI ldaps://fully.qualified.server-hostname/
TLS_CACERT <file with the CA-certificate which signed the server cert>
TLS_REQCERT demand
The only problem is that I really want start_tls, and not ldaps (which is deprecated, right?).
Don't know. It's nonstandard, anyway. But I doubt it'll go away anytime soon. I can't find an ldap.conf statement to match '-ZZ' either.
Note that if you do use 'URI ldaps://' in ldap.conf, you'll still be able to use ldap:// on the command line if your server listens to it after all. But that's all I can think of.