Ok. I implemented what you explained for testing purposes and found the following to be true: If I use ssl start_tls with the ldap:// URL schema, then my client connects to my LDAP server on port 389. If I use ssl on with ldaps://, then my client connects on port 636. I think I remember reading somewhere that TLS could use either port, so my question is: when my client connects on 389 using ssl start_tls, is the session encrypted? My other question would be: why the two different means to the same end? Is it just a matter of which port you want to use?

-Mike

> From: daff@pseudoterminal.org
> To: openldap-technical@openldap.org
> Subject: Re: Strange behavior with TLS with self-signed certs
> Date: Fri, 7 Jan 2011 19:45:46 +0100
>
> On Friday 07 January 2011 04:18:40 Michael Starling wrote:
> > #TLS settings
> > ssl start_tls
> > ssl on
>
> That should be either "ssl start_tls" OR "ssl on", not both. If you
> specify "ssl start_tls" then you should use the ldap:// URL schema, if
> you specify "ssl on" then you should use ldaps://.
>
> Andreas
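As an added example (not code from the thread or from OpenLDAP), here is a small Python checker that encodes the pairing rule Andreas gives and the port behaviour Mike observed: it reads the `ssl` directive from ldap.conf-style text, works out the port the URI implies, and flags combinations that disagree, including the "both directives" case from the original config. It assumes the nss_ldap/pam_ldap meaning of `ssl on|off|start_tls`, a default of `off` when the directive is absent, and the standard default ports 389 (ldap://) and 636 (ldaps://).

```python
"""Check an nss_ldap/pam_ldap-style `ssl` directive against the LDAP URI:
`ssl start_tls` pairs with ldap:// (389, TLS negotiated in-band), `ssl on`
pairs with ldaps:// (636, TLS from the first byte)."""
from urllib.parse import urlsplit

# Default ports per URL scheme (standard values, assumed here as a lookup).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ssl_directives(conf_text):
    """Return every value given to the `ssl` directive, in file order."""
    values = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "ssl" and len(parts) == 2:
            values.append(parts[1].strip().lower())
    return values

def check_tls_config(conf_text, uri):
    """Describe the resulting connection (scheme, port, encryption) and warn on mismatches."""
    warnings = []
    ssl_values = parse_ssl_directives(conf_text)
    if len(ssl_values) > 1:
        warnings.append("multiple 'ssl' directives %s: keep exactly one" % ssl_values)
    mode = ssl_values[-1] if ssl_values else "off"   # assumption: absent means off
    parsed = urlsplit(uri)
    scheme = parsed.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported URI scheme: %r" % parsed.scheme)
    port = parsed.port or DEFAULT_PORTS[scheme]

    if mode == "start_tls":
        encrypted = True   # plain TCP to 389, then upgraded by the StartTLS extended op
        if scheme == "ldaps":
            warnings.append("'ssl start_tls' expects ldap://, not ldaps://")
    elif mode == "on":
        encrypted = True   # TLS handshake completes before any LDAP traffic
        if scheme == "ldap":
            warnings.append("'ssl on' expects ldaps://, not ldap://")
    else:
        encrypted = False  # no TLS: a simple bind sends the password in clear
        warnings.append("no TLS configured (ssl %s); simple binds are plaintext" % mode)
        if scheme == "ldaps":
            warnings.append("ldaps:// URI but TLS is not enabled in the directive")
    return {"scheme": scheme, "port": port, "mode": mode,
            "encrypted": encrypted, "warnings": warnings}
```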