[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS over various client connections

Peter Marschall wrote:

Please distinguish between LDAPS and LDAP+STARTTLS.
The former works on port 636, is compatible with LDAPv2 but was never part of an RFC IIRC, while the latter works on port 389, requires LDAPv3 and turns an already opened connection in an encrypted one.

If you connect using LDPAv2 the only option you have is LDAPS.
You may need to specify the -h option to slapd to make it listen on port 636:
  slapd -h "ldap:/// ldaps:///"

I presume you're speaking for Outlook. Ximian's Evolution LDAP implementation is basically crap and you can feed it what you want of SSL/TLS and it still doesn't work. Complain on the Evo list, you'll be carrying on an ancient tradition which will remain unheeded until 4.0 or 5.0 or whatever brings Ximian out of the clutches of Sun (also broke) again materialises. Personally, I find that Mozilla 1.4 (no, 1.5 is also crap) just that much more dependable.Even if it doesn't support TLS or do nifty contact updates.


Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

Mail: tonye-at-billy.demon.nl