
Re: OpenLDAP issues when connecting over SSL


On 1/22/07, Quanah Gibson-Mount <quanah@stanford.edu> wrote:

Using port 636 (SSL) was an LDAP V2 hack, and was never an officially
supported operation.  TLS over port 389 is part of the LDAP v3
specifications, and is supported.  Vendors doing start TLS are actually
being LDAP v3 compliant.  Vendors doing SSL over 636 are using an old
non-standardized way of doing SSL.

The problem here is that as soon as the SSL box is checked, it uses port 636, but will issue a StartTLS command. This is why it fails.

As noted by Kurt, you can force connections to use encryption, using the "security" statement. I'm not quite sure why you aren't figuring this out via the slapd.conf man page, it is pretty clear:

May be very well clear for you, but for some reason I couldn't find it. I did though, as posted earlier. None of the OpenLDAP web pages actually describing TLS/SSL mention this security option, and it is referred to in another part of ldap which has nothing to do with SSL :(

I wish I had talked to you earlier, you would have saved me several hours.
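For readers who hit the same gap in the documentation: the thread is about two separate things, a client that is told to use ldaps:// on 636 but actually sends StartTLS on a plain connection, and the server-side `security` directive from slapd.conf(5) that refuses operations until the session is encrypted. The fragment below is an added illustration, not configuration from anyone on this thread; the file paths are placeholders and the strength values are an assumption (128 is the value most deployments use to mean "at least AES-128-class encryption").

```conf
# Certificate material used for both StartTLS on 389 and ldaps:// on 636.
# Paths are placeholders; substitute your own PKI files.
TLSCACertificateFile    /etc/openldap/certs/ca.pem
TLSCertificateFile      /etc/openldap/certs/server.pem
TLSCertificateKeyFile   /etc/openldap/certs/server-key.pem

# Require a minimum security strength factor (ssf) before any operation
# is accepted. Without this, a client that fails StartTLS silently falls
# back to cleartext on 389 and the server happily serves it.
#   ssf=128  overall minimum (TLS or SASL confidentiality layer)
#   tls=128  minimum that must come specifically from TLS
security ssf=128 tls=128

# Optional: also demand that simple binds (cleartext passwords) only
# happen over an encrypted session, even if anonymous reads are allowed.
security simple_bind=128
```

With `security ssf=128` in place, a misconfigured client of the kind described above (ldaps port, StartTLS handshake) fails loudly with a "confidentiality required" error instead of quietly talking in the clear, which is the behaviour you want when auditing whether encryption is actually being used. The server side listens for ldaps:// only if slapd is started with `-h "ldap:/// ldaps:///"`; StartTLS on 389 needs no extra listener.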