Thank you, that did it. I was under the impression that you didn't need to specify ldaps because the ssl on and start_tls directives took care of that.

Thanks again.

-Mike


Date: Thu, 6 Jan 2011 19:43:11 -0800
From: lists@aarcane.org
To: openldap-technical@openldap.org
Subject: Re: Strange behavior with TLS with self-signed certs

On 1/6/2011 19:18, Michael Starling wrote:
I'm running openldap-2.3.43-12.el5 on a RHEL 5.5 system:

I find that TLS will not work if I use uri ldap://10.3.5.207/  in /etc/ldap.conf on my clients.

TLS magically starts working if I use the deprecated host directive instead:

So if I use host 10.3.5.207 instead everything starts working:

Any insight as to what might be going on?..Possibly a bug?

Here are my TLS directives on my clients:

#TLS settings
ssl start_tls
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/slapdcert.pem
tls_checkpeer no

-Mike
try using uri ldaps://10.3.5.207/ .