Re: TLS over various client connections

[Peter Marschall <peter@adpm.de>]

Hi,

On Tuesday 21 October 2003 16:08, Robert Fitzpatrick wrote:
> I am trying to determine capabilities of different clients my customers
> may be using so that I can provide the necessary instructions.
>
> For Ximian Evolution, I had to 'allow bind_v2' to get it to work at all,
> but it still does not work using TLS. I have version 1.2.2 and all the
> settings seem to suggest it should work using TLS since it is an option,
> but I just get 'Can't connect...'.
>
> For Outlook Express, I am not sure if I'll even need a secure connection
> using this software because I don't see how anyone can do anything but
> read, not write. Nevertheless, I cannot get TLS to work by selecting the
> option in Version 6 to use a secure connection. When checking that box,
> it sets the port to 636, I have tried it over both ports and nothing.

Please distinguish between LDAPS and LDAP+STARTTLS.
The former works on port 636, is compatible with LDAPv2 but was never part of 
an RFC IIRC, while the latter works on port 389, requires LDAPv3 and turns an 
already opened connection in an encrypted one.

If you connect using LDPAv2 the only option you have is LDAPS.
You may need to specify the -h option to slapd to make it listen on port 636:
  slapd -h "ldap:/// ldaps:///"

Peter
-- 
Peter Marschall
eMail: peter@adpm.de