At 09:42 PM 1/21/2007, Jean-Yves Avenard wrote:
> Can you configure the server to accept both SSL and Start TLS on port 636?
Technically speaking, on different interfaces, yes, but on the same interface or the "any" interface, no.
Unless you have an extra interface, this is not a practical option. And even then, well, it's simply goofy.
> Now that would be a good alternative ...
Generally speaking, I think it is not a good alternative. If, as you say, your client can only talk ldap:// with StartTLS on port 636 (and no support whatsoever for ldaps://), I would suggest you ask the developer of that client to support ldap:// with Start TLS on 389. However, I would be surprised if a developer actually limited their client in such a way. I would guess you might be wrong in what you say. I suggest you contact those familiar with the particular client (using an appropriate list or other means) for clarification.
Kurt
openldap-software@openldap.org