Thank you, that did it. I was under the impression that you didn't need to specify ldaps because the ssl on and start_tls directives took care of that.
Thanks again.
-Mike
Date: Thu, 6 Jan 2011 19:43:11 -0800
From: lists@aarcane.org
To: openldap-technical@openldap.org
Subject: Re: Strange behavior with TLS with self-signed certs
On 1/6/2011 19:18, Michael Starling wrote:
I'm running openldap-2.3.43-12.el5 on a RHEL 5.5 system:
I find that TLS will not work if I use uri ldap://10.3.5.207/
in /etc/ldap.conf on my clients.
TLS magically starts working if I use the deprecated host
directive instead:
So if I use host 10.3.5.207 instead everything starts
working:
Any insight as to what might be going on?..Possibly a bug?
Here are my TLS directives on my clients:
#TLS settings
ssl start_tls
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/slapdcert.pem
tls_checkpeer no
-Mike
try using uri ldaps://10.3.5.207/ .