Re: TLS over various client connections
Peter Marschall wrote:
Please distinguish between LDAPS and LDAP+STARTTLS.
The former works on port 636, is compatible with LDAPv2 but was never part of
an RFC IIRC, while the latter works on port 389, requires LDAPv3 and turns an
already opened connection into an encrypted one.
If you connect using LDAPv2 the only option you have is LDAPS.
You may need to specify the -h option to slapd to make it listen on port 636:
slapd -h "ldap:/// ldaps:///"
I presume you're speaking for Outlook. Ximian's Evolution LDAP
implementation is basically crap and you can feed it what you want of
SSL/TLS and it still doesn't work. Complain on the Evo list, you'll be
carrying on an ancient tradition which will remain unheeded until 4.0 or
5.0 or whatever brings Ximian out of the clutches of Sun (also broke)
again materialises. Personally, I find that Mozilla 1.4 (no, 1.5 is also
crap) just that much more dependable. Even if it doesn't support TLS or
do nifty contact updates.
Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it