Re: OpenLDAP client TLS configuration
Port 636 is for SSL, while -ZZ sends the Start TLS Extended Operation
(sent to a plaintext port). The two wouldn't usually be used together. Try
either ldapsearch -ZZ -H ldap://host/ or ldapsearch -H ldaps://host:636/
but not ldapsearch -ZZ -H ldap://host:636, for example.
On Thu, 21 Sep 2006, Dan O'Reilly wrote:
I'm trying to get an OpenLDAP client to use TLS to talk to a (non-OpenLDAP)
LDAP server. This LDAP server is properly configured for TLS (as verified by
other (non-OpenLDAP) LDAP clients). I've generated the DER-format P7B file
that contains the CA's trusted root certificate and copied it to my VMS
system. However, whenever I try to use, say, ldapsearch with the -ZZ option
and port 636, it always comes back with "Can't contact LDAP server (-1)".
When I use port 389 and no TLS, it all works fine.
Any ideas? My LDAP.CONF file has TLS_CACERT and TLS_CACERTDIR entries in it,
but I wouldn't swear this file is even being used.
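As an added illustration of the point made in the reply (this is example code written for this page, not code from the thread or from OpenLDAP): the StartTLS that -ZZ sends is an ordinary LDAP ExtendedRequest carrying the OID 1.3.6.1.4.1.1466.20037, encoded in BER and sent in cleartext, whereas an ldaps:// connection opens with a TLS ClientHello before any LDAPMessage. The block below builds and parses the StartTLS request bytes and then models what each kind of listener sees first on a new connection. The `connection_outcome` model, the `tls_client_hello_prefix` placeholder and the message IDs are constructed for the example; the LDAP-side encoding follows RFC 4511.

```python
"""
Added example (not part of the mailing-list thread or of OpenLDAP):
why "-ZZ" against the ldaps port, or ldaps:// against the plaintext port,
never reaches a working session.

StartTLS (-ZZ)  -> LDAP ExtendedRequest, OID 1.3.6.1.4.1.1466.20037, BER, cleartext
LDAPS (ldaps://) -> TLS ClientHello first, LDAP only inside the TLS session
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"


def ber_len(n: int) -> bytes:
    """BER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; the extra leading byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID.encode("ascii")))  # 0x60 | 23, then [0]
    return tlv(0x30, ber_int(message_id) + ext_req)  # SEQUENCE


def parse_tlv(data: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length


def parse_starttls_request(data: bytes):
    """Decode an LDAPMessage; return (message_id, oid) if it is a StartTLS request, else None."""
    if len(data) < 2:
        return None
    tag, body, _ = parse_tlv(data)
    if tag != 0x30:
        return None  # not an LDAPMessage SEQUENCE (a TLS record starts with 0x16)
    t, mid, nxt = parse_tlv(body)
    if t != 0x02:
        return None
    t, ext, _ = parse_tlv(body, nxt)
    if t != 0x77:
        return None  # not an ExtendedRequest
    t, oid, _ = parse_tlv(ext)
    if t != 0x80:
        return None
    oid = oid.decode("ascii")
    return (int.from_bytes(mid, "big"), oid) if oid == STARTTLS_OID else None


def tls_client_hello_prefix() -> bytes:
    """Constructed placeholder: TLS record header, ContentType handshake (0x16), version 3.x."""
    return bytes([0x16, 0x03, 0x01, 0x00, 0x00])


def classify_first_bytes(data: bytes) -> str:
    """What a listener sees in the first bytes of a fresh connection."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    if data and data[0] == 0x30:
        return "ldap-ber"
    return "unknown"


def connection_outcome(client_mode: str, listener: str) -> str:
    """
    Constructed model of the four combinations from the reply.
    client_mode: 'starttls' (ldapsearch -ZZ -H ldap://...) or 'ldaps' (ldapsearch -H ldaps://...)
    listener:    'plaintext' (normally 389) or 'ldaps' (normally 636)
    """
    first = build_starttls_request() if client_mode == "starttls" else tls_client_hello_prefix()
    seen = classify_first_bytes(first)
    if listener == "ldaps":
        return "ok" if seen == "tls-handshake" else "fail: ldaps listener expected a TLS ClientHello, got " + seen
    return "ok" if seen == "ldap-ber" else "fail: plaintext listener expected an LDAPMessage, got " + seen


if __name__ == "__main__":
    print(build_starttls_request().hex())
    for mode, port in (("starttls", "plaintext"), ("ldaps", "ldaps"),
                       ("starttls", "ldaps"), ("ldaps", "plaintext")):
        print(f"{mode:9s} -> {port:9s}: {connection_outcome(mode, port)}")
```

The two failing combinations in the model correspond to the reply's "not ldapsearch -ZZ -H ldap://host:636" case and its mirror image: the ldaps listener gets a BER SEQUENCE where it expects a ClientHello, and the plaintext listener gets a TLS record where it expects an LDAPMessage, so the client never gets a usable session on either.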