
Re: OpenLDAP issues when connecting over SSL



Hi

On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
> You might ask on a list supporting the particular client you
> are using how to configure this client to secure LDAP with TLS
> (SSL).


Your previous post actually helped me identify the issue with this
client, and I can get it to work now.
The problem was (as you suggested) that even though it was using port
636, it would issue a Start TLS call, which on an SSL connection isn't
going to work.
I've raised a bug with the supplier on this matter.


> If the client doesn't support securing LDAP with TLS (SSL),
> either by using ldaps:// or by using ldap:// with Start TLS,
> there is nothing the server can do to change that. You
> can configure the server to support ldap:// on port 636 instead
> of ldaps:// if you want, but I don't recommend doing so.

Can you configure the server to accept both SSL and Start TLS on port 636? Now that would be a good alternative ... What problems will this create, for you to not recommend it?

Jean-Yves