--On Friday, July 07, 2017 9:39 PM +0000 Jon C Kidder jckidder@aep.com wrote:
Yeah, that's actually how I started and where the starttls=no setting came from.
This .conf section
overlay chain
chain-uri "ldaps://ds2-q.global.aep.com"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple
    binddn="cn=syncuser,ou=Automatons,ou=Users,dc=Global,dc=aep,dc=com"
    credentials=<redacted>
    mode="self"
chain-tls ldaps tls_cacert=/appl/openldap/etc/openldap/tls/cacerts.cer
chain-return-error TRUE
Hm, if the conversion is adding that "starttls=no" to the cn=config database, that seems like a serious bug in the conversion process.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com