[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP issues when connecting over SSL


On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
You might ask on a list supporting the particular client you
are using how to configure this client to secure LDAP with TLS

You previous post actually help me identify the issue with this
client, and I can get it to work now.
The problem was (as you suggested) that even though it was using port
636, it would issue a Start TLS call, which on an SSL connection isn't
going to work.
I've raised a bug with the supplier on this matter.

If the client doesn't support securing LDAP with TLS (SSL),
either by using ldaps:// or by using ldap:// with Start TLS,
there is nothing the server can do to change that.   You
can configure the server to support ldap:// on port 636 instead
of ldaps:// if you want, but I don't recommend doing so.

can you configure the server to accept both SSL and Start TLS on port 636? Now that would be a good alternative ... What problems will this create for you not recommending it ?