Hi
On 1/22/07, Kurt D. Zeilenga Kurt@openldap.org wrote:
> You might ask on a list supporting the particular client you are using how to configure this client to secure LDAP with TLS (SSL).
Your previous post actually helped me identify the issue with this client, and I can get it to work now. The problem was (as you suggested) that even though it was using port 636, it would issue a Start TLS call, which on an SSL connection isn't going to work. I've raised a bug with the supplier on this matter.
> If the client doesn't support securing LDAP with TLS (SSL), either by using ldaps:// or by using ldap:// with Start TLS, there is nothing the server can do to change that. You can configure the server to support ldap:// on port 636 instead of ldaps:// if you want, but I don't recommend doing so.
Can you configure the server to accept both SSL and Start TLS on port 636? Now that would be a good alternative ... What problems will this create for you not recommending it?
Jean-Yves
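
The two ways of securing LDAP discussed in this message look different on the wire from the first byte, which is useful when diagnosing a client like the one described. The following is an added example, not part of the original thread or of OpenLDAP: the function names are hypothetical and the sample byte strings are constructed.

```python
# Added example: classify the first bytes a client sends on an LDAP listener.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation OID

def build_starttls_request(msg_id=1):
    """BER-encode an LDAP StartTLS ExtendedRequest (short-form lengths only)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name                   # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + ext                  # messageID + op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage

def ber_len(data, pos):
    """Decode a BER length at data[pos]; return (length, position after it)."""
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(data):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_first_bytes(data):
    """Return 'tls-handshake', 'ldap-starttls', 'ldap-plaintext' or 'unknown'."""
    if len(data) < 3:
        return "unknown"
    if data[0] == 0x16 and data[1] == 0x03:   # TLS record: handshake, version 3.x
        return "tls-handshake"                # what an ldaps:// client sends first
    if data[0] != 0x30:                       # LDAPMessage is a BER SEQUENCE
        return "unknown"
    try:
        _, pos = ber_len(data, 1)
        if data[pos] != 0x02:                 # messageID INTEGER
            return "unknown"
        id_len, pos = ber_len(data, pos + 1)
        pos += id_len
        if data[pos] != 0x77:                 # not an ExtendedRequest
            return "ldap-plaintext"
        _, pos = ber_len(data, pos + 1)
        if data[pos] != 0x80:                 # requestName missing
            return "ldap-plaintext"
        oid_len, pos = ber_len(data, pos + 1)
        oid = data[pos:pos + oid_len]
    except (IndexError, ValueError):
        return "unknown"
    return "ldap-starttls" if oid == STARTTLS_OID else "ldap-plaintext"

# Constructed samples: start of a TLS ClientHello record, and an anonymous bind.
SAMPLE_TLS = bytes.fromhex("160301002e0100002a0303")
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")
```

This only distinguishes what arrives in cleartext at the start of a connection; a Start TLS request sent inside an already established SSL session is encrypted and has to be diagnosed from the server or client logs instead.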