Hello,
I've configured openldap (v2.4.16 on FreeBSD 7.2) to listen on ldaps (with a self-signed certificate) as well as ldapi.
rc.conf:
slapd_enable="YES"
slapd_flags='-h "ldapi:///var/run/openldap/ldapi/ ldaps:///"'
slapd_owner="ldap:ldap"
slapd_sockets="/var/run/openldap/ldapi"
slapd.conf:
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw password
directory /var/db/openldap-data
index objectClass eq

security ssf=128
TLSCACertificateFile /usr/local/etc/openldap/ssl/cert.crt
TLSCertificateFile /usr/local/etc/openldap/ssl/cert.crt
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/cert.key
TLSVerifyClient never
Connecting to ldaps (port 636) with clients such as Thunderbird or Apache Directory Studio works fine. But when I try to connect via ldapi (port 389) from a webmail tool on the same server, I always get the error "Confidentiality required" from openldap. I want to connect to ldapi (as it is local on the server) without TLS or other encryption, but openldap doesn't seem to allow that in my configuration. I tried setting localSSF to 0, which doesn't make any difference...
I'd be thankful for any advice with this issue.
Best regards, Gunnar