Re: OpenLDAP issues when connecting over SSL

["Jean-Yves Avenard" <jyavenard@gmail.com>]

Hi

On 1/22/07, Quanah Gibson-Mount <quanah@stanford.edu> wrote:

> Using port 636 (SSL) was an LDAP V2 hack, and was never an officially
> supported operation.  TLS over port 389 is part of the LDAP v3
> specifications, and is supported.  Vendors doing start TLS are actually
> being LDAP v3 compliant.  Vendors doing SSL over 636 are using an old
> non-standardized way of doing SSL.

The problem here is that that as soon as the SSL box is checked, it
uses port 636, but will issue a StartTLS command. This is why it fails

> As noted by Kurt, you can force connections to use encryption, using the
> "security" statement.  I'm not quite sure why you aren't figuring this out
> via the slapd.conf man page, it is pretty clear:

May be very well clear for you, but for some reasons I couldn't find
it. I did though as posted earlier.
None of of the openldap web page actually describing TLS/SSL mention
this security option and it is referred in another part of ldap, which
has nothing to do with SSL :(

I wish I had talked to you earlier, you would have saved me several hours.
Regards
Jean-Yves