At 03:44 PM 1/21/2007, Jean-Yves Avenard wrote:
On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
Given other clients seem to work well using ldaps://, it seems more likely that this particular client is not properly configured or is otherwise flawed.
Unfortunately, I have no play on how to configure this client as this is one major one!
You might ask on a list supporting the particular client you are using how to configure this client to secure LDAP with TLS (SSL).
Actually, two quite common do not work with OpenLDAP over SSL :( But they will work fine over a non-encrypted link.
I guess that the client is configured to use ldap://server:636 not ldaps://server:636.
That was my guess also. Is there anything I can do on the server side to get over the flaw of broken clients?
If the client doesn't support securing LDAP with TLS (SSL), either by using ldaps:// or by using ldap:// with Start TLS, there is nothing the server can do to change that. You can configure the server to support ldap:// on port 636 instead of ldaps:// if you want, but I don't recommend doing so.
Kurt
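
The mismatch discussed in this thread (a client using ldap://server:636 against an ldaps:// listener) can be confirmed from the first bytes the client sends. The following is an added example, not part of the original messages: the function names are hypothetical, the sample byte strings are constructed rather than captured, and the only protocol facts assumed are the TLS record header, the BER tags of LDAP messages, and the Start TLS OID from RFC 4511.

```python
# Added example: classify the first bytes a client sends to an LDAP listener.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # Start TLS extended operation (RFC 4511)

def _ber_len(buf, i):
    """Return (length, next_index) for the BER length field at buf[i]."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_bytes(buf):
    """Name what the client opened the connection with."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return "tls-handshake"            # ldaps:// client (TLS from the first byte)
    if not buf or buf[0] != 0x30:         # LDAPMessage is a BER SEQUENCE
        return "unknown"
    try:
        _, i = _ber_len(buf, 1)
        if buf[i] != 0x02:                # messageID INTEGER
            return "unknown"
        id_len, i = _ber_len(buf, i + 1)
        i += id_len
        op = buf[i]                       # protocolOp tag
        _, i = _ber_len(buf, i + 1)
        if op == 0x77 and buf[i] == 0x80: # ExtendedRequest, requestName [0]
            n, i = _ber_len(buf, i + 1)
            if buf[i:i + n] == STARTTLS_OID:
                return "ldap-starttls"    # ldap:// client asking to upgrade to TLS
        return "ldap-cleartext"           # ldap:// client, no TLS requested yet
    except (IndexError, ValueError):
        return "unknown"

def verdict(listener_scheme, buf):
    """Compare the listener's scheme with what the client actually sent."""
    kind = classify_first_bytes(buf)
    if listener_scheme == "ldaps" and kind.startswith("ldap-"):
        return "client is speaking ldap:// to an ldaps:// port"
    if listener_scheme == "ldap" and kind == "tls-handshake":
        return "client is speaking ldaps:// to an ldap:// port"
    return "ok: " + kind

# Constructed sample inputs (not captured traffic).
CLIENT_HELLO = bytes.fromhex("160301002e0100002a0303")        # start of a TLS record
ANON_BIND = bytes.fromhex("300c020101600702010304008000")     # anonymous simple bind
START_TLS = bytes.fromhex("301d02010177188016") + STARTTLS_OID
```

Feeding it the first bytes recorded on the port 636 listener shows whether a failing client is sending cleartext LDAP where the server expects a TLS handshake.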