RE: openldap tools starttls
Your question has been answered, I just want to make a correction: StartTLS uses port 389/ldap, not port 636/ldaps. When using starttls, the ldap client should be using "uri ldap://FQDN" in ldap.conf (both OpenLDAP and NSS_LDAP/PAM_LDAP).
Yes, we may start the server in ldaps:// mode, on top of ldap://, but that is usually for local "openssl" testing only.
Read the OpenLDAP FAQ pages for SSL, TLS info. Many are there.
From: owner-openldap-software@OpenLDAP.org on behalf of Ricardo Kirkner
Sent: Fri 10/29/2004 11:13 PM
Subject: openldap tools starttls
Is there a way to configure that StartTLS should be used by default when
using the openldap utilities?
In the PAM ldap.conf there is the option "ssl starttls", and in the
openldap ldap.conf there is the option for using SSL "uri
ldaps://myserver", but I cannot find an option for using StartTLS by
default (I know I can use it by calling ldapsearch with -ZZ, but I want
to configure it so I don't need to remember, and I always am sure that
the connection is encrypted).
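
The correction in the reply (StartTLS goes with ldap:// on port 389, not ldaps:// on 636) can be checked mechanically against an ldap.conf. The following is an added example, not code from the thread or from OpenLDAP; the host names and the finding labels are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
# The thread writes "ssl starttls"; pam_ldap/nss_ldap spell the value "start_tls".
STARTTLS_VALUES = {"starttls", "start_tls"}

def parse_directives(text):
    """Map each lower-cased directive keyword to the arguments of its last occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        directives[key.lower()] = args
    return directives

def audit_ldap_conf(text):
    """Return (uri, finding) pairs for URI/StartTLS combinations that do not fit together."""
    conf = parse_directives(text)
    starttls = any(a.lower() in STARTTLS_VALUES for a in conf.get("ssl", []))
    findings = []
    for uri in conf.get("uri", []):
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORT:
            continue  # other schemes are outside this check
        port = parts.port or DEFAULT_PORT[scheme]
        if scheme == "ldaps" and starttls:
            # StartTLS upgrades a plain LDAP session; ldaps:// is already TLS-wrapped.
            findings.append((uri, "starttls-with-ldaps-uri"))
        elif scheme == "ldap" and port == DEFAULT_PORT["ldaps"]:
            findings.append((uri, "ldap-scheme-on-ldaps-port"))
        elif scheme == "ldaps" and port == DEFAULT_PORT["ldap"]:
            findings.append((uri, "ldaps-scheme-on-ldap-port"))
        elif scheme == "ldap" and not starttls:
            # Nothing in the file requests StartTLS: tools must be called with -ZZ.
            findings.append((uri, "cleartext-unless-client-forces-starttls"))
    return findings

# Constructed sample files (ldap.example.com is a placeholder host).
PAM_MISMATCH = "uri ldaps://ldap.example.com\nssl starttls\n"
PAM_OK = "# PAM/NSS client\nuri ldap://ldap.example.com\nssl start_tls\n"
TOOLS_PLAIN = "URI ldap://ldap.example.com\n"
WRONG_PORT = "uri ldap://ldap.example.com:636\nssl starttls\n"

if __name__ == "__main__":
    for name, sample in [("PAM_MISMATCH", PAM_MISMATCH), ("PAM_OK", PAM_OK),
                         ("TOOLS_PLAIN", TOOLS_PLAIN), ("WRONG_PORT", WRONG_PORT)]:
        print(name, audit_ldap_conf(sample))
```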