Ryan Tandy wrote:
> On 07/09/14 10:28 PM, Vijay Ganesan wrote:
>> But I can't seem to connect using ldaps://localhost:636 using Apache Directory Studio client. I get an "Error while opening connection - Cannot connect on the server: Connection refused" error. I can connect fine using ldap://localhost:389.
>
> Like Udai wrote, ldaps is deprecated, and if possible you should use STARTTLS on the LDAP port (389) instead.

LDAPS on a separate port was not formally defined in an RFC. But there's nothing wrong with using it.

Personally I even prefer LDAPS since you can then make sure that the client has to establish a TLS connection before sending any LDAP PDU.

> But if you really need ldaps, then edit /etc/default/slapd, add ldaps:/// to the SLAPD_SERVICES line, and restart slapd.
Yes.
Ciao, Michael.
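
The edit to /etc/default/slapd described in the thread, as an added shell example that is not part of the original messages. The function names and the sample file contents are constructed for illustration; the demo works on a temporary copy, and slapd still has to be restarted after the real file is changed.

```shell
#!/bin/sh
# Added example: idempotently add an ldaps:/// listener to SLAPD_SERVICES.
# Function names are hypothetical; the sample file below is constructed.

# Print the current value of the active (uncommented) SLAPD_SERVICES line.
slapd_listeners() {
    sed -nE 's|^[[:space:]]*SLAPD_SERVICES="([^"]*)".*|\1|p' "$1"
}

# Append ldaps:/// to SLAPD_SERVICES in FILE unless an ldaps:// URL is
# already listed. Commented-out lines are ignored on purpose.
add_ldaps_listener() {
    file=$1
    # Listener already present: leave the file untouched.
    if grep -Eq '^[[:space:]]*SLAPD_SERVICES=.*ldaps://' "$file"; then
        return 0
    fi
    # No active, quoted SLAPD_SERVICES line: refuse rather than guess.
    if ! grep -Eq '^[[:space:]]*SLAPD_SERVICES="[^"]*"' "$file"; then
        echo "no quoted SLAPD_SERVICES line in $file" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Insert the new URL just before the closing quote of the value.
    if sed -E 's|^([[:space:]]*SLAPD_SERVICES="[^"]*)"|\1 ldaps:///"|' \
            "$file" > "$tmp"; then
        # cat into place keeps the original file's owner and mode.
        cat "$tmp" > "$file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample, not on the real /etc/default/slapd.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'SLAPD_SERVICES="ldap:/// ldapi:///"' > "$sample"
add_ldaps_listener "$sample"
echo "listeners now: $(slapd_listeners "$sample")"
rm -f "$sample"
```
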