[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: openldap tools starttls

Your question has been answered, I just want to make a correction: StartTLS uses port 389/ldap, not port 636/ldaps. When using starttls, the ldap client should be using "uri ldap://FQDN"; in ldap.conf (both OpenLDAP and NSS_LDAP/PAM_LDAP).
Yes we may start the server in ldaps:// mode, on top of ldap://, but that is for local "openssl" testing only usually.
Read the OpenLDAP FAQ pages for SSL, TLS info. many are there.

	-----Original Message----- 
	From: owner-openldap-software@OpenLDAP.org on behalf of Ricardo Kirkner 
	Sent: Fri 10/29/2004 11:13 PM 
	To: openldap-software@OpenLDAP.org 
	Subject: openldap tools starttls

	Is there a way to configure that StartTLS should be used by default when
	using the openldap utilities?
	In the PAM ldap.conf there is the option "ssl starttls", and in the
	openldap ldap.conf there is the option for using SSL "uri
	ldaps://myserver", but I cannot find an option for using StartTLS by
	default (I know I can use it by calling ldapsearch with -ZZ, by I want
	to configure it so I don't need to remember, and I always am sure that
	the connection is encrypted)