--On Monday, January 28, 2008 5:10 PM +0000 Chris Carr chris.carr@camden.gov.uk wrote:

> On Mon, 2008-01-28 at 09:00 -0800, Quanah Gibson-Mount wrote:
>
>> --On Monday, January 28, 2008 2:57 PM +0000 Chris Carr
>>
>>> Hi All,
>>>
>>> I've been running slapd with "-h ldaps:///" so that it takes SSL/TLS connections on port 636. This has worked with most clients (Outlook, SeaMonkey, Thunderbird) but does not work for Evolution. I don't know why not, but Evolution seems to insist on using port 389 for secure connections.
>>>
>>> When I type
>>>
>>> openssl s_client -connect my.server.com:389
>>
>> If you read the documentation on openssl, it clearly states it doesn't support doing LDAP startTLS over port 389.
>
> I thought startTLS was supposed to be the replacement for ldaps, so that only one port was needed for both secure and insecure connections. Wasn't that discussed on this list quite recently? I have definitely misunderstood something.

You are correct, startTLS is the replacement for LDAPS. My point is, if you read the documentation about the "openssl s_client" command, the openssl folks have yet to add support for LDAP startTLS to it. Which is why using that command in your case for testing it is pointless.

As for the Debian 2.4.7 package, there's a bug already tracking this issue. I'm not clear if it is a GnuTLS bug or an OpenLDAP bug or both. I don't use OpenLDAP with GnuTLS myself. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
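What the openssl s_client of the time could not do for LDAP, as an added example that is not from this thread: speak just enough LDAPv3 BER to send the StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037, from RFC 4511) on port 389, check the server's resultCode, and only then upgrade the same socket to TLS with certificate verification. The host name is a placeholder, the helper names are mine, and the response bytes used for checking are constructed.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # real OID (RFC 4511); host below is a placeholder

def ber_len(n: int) -> bytes:
    # BER length: short form below 128, long form (0x80 | byte count) above.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def starttls_request(msg_id: int = 1) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, ExtendedRequest [APPLICATION 23] }
    # StartTLS carries only requestName [0] LDAPOID, no requestValue.
    name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID
    ext = b"\x77" + ber_len(len(name)) + name
    mid = b"\x02\x01" + bytes([msg_id])
    return b"\x30" + ber_len(len(mid) + len(ext)) + mid + ext

def ber_tlv(buf: bytes, pos: int = 0):
    # Decode one tag-length-value at pos; returns (tag, value, position after it).
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln

def parse_result_code(msg: bytes) -> int:
    # ExtendedResponse is [APPLICATION 24] (tag 0x78); its first element is the
    # ENUMERATED resultCode (0 = success). Any other shape means no StartTLS here.
    tag, body, _ = ber_tlv(msg)
    _, _, pos = ber_tlv(body)            # skip messageID
    op_tag, op, _ = ber_tlv(body, pos)
    code_tag, code, _ = ber_tlv(op)
    if tag != 0x30 or op_tag != 0x78 or code_tag != 0x0A:
        raise ValueError(f"not an ExtendedResponse: tags {tag:#x}/{op_tag:#x}/{code_tag:#x}")
    return int.from_bytes(code, "big")

def probe_starttls(host: str, port: int = 389, timeout: float = 5.0) -> str:
    # Live check (needs network): StartTLS in the clear, then upgrade the same socket; returns TLS version.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        code = parse_result_code(sock.recv(4096))
        if code != 0:
            raise RuntimeError(f"StartTLS refused, resultCode={code}")
        ctx = ssl.create_default_context()   # verifies the server certificate
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

A non-zero resultCode, or a plain LDAP response instead of a TLS handshake afterwards, is the same failure the thread describes: the server listens on 389 but does not offer StartTLS there.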