Re: OpenLDAP issues when connecting over SSL



At 09:42 PM 1/21/2007, Jean-Yves Avenard wrote:
>can you configure the server to accept both SSL and Start TLS on port 636?

Technically speaking, on different interfaces, yes, but on the
same interface or the "any" interface, no.

Unless you have an extra interface, this is not a practical
option.  And even then, well, it's simply goofy.

>Now that would be a good alternative ...

Generally speaking, I think it not a good alternative.  If, as
you say, your client can only talk ldap:// with StartTLS on
port 636  (and no support whatsoever for ldaps://), I would suggest
you ask the developer of that client to support ldap:// with
Start TLS on 389.   However, I would be surprised if a developer
actually limited their client in such a way.  I would guess you
might be wrong in what you say.  I suggest you contact those familiar
with the particular client (using an appropriate list or other
means) for clarification.

Kurt
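
To check which of the two modes a client really uses, the first bytes it sends after connecting are enough: ldaps:// opens with a TLS handshake record, while ldap:// with Start TLS opens with a cleartext LDAP extended request carrying the StartTLS OID. The following is an added example, not part of the original message; the function names and the sample byte strings are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def starttls_request(message_id: int = 1) -> bytes:
    """BER-encode an LDAP StartTLS ExtendedRequest (short-form lengths only)."""
    if not 0 <= message_id <= 127:
        raise ValueError("example encodes single-byte message IDs only")
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23] ExtendedRequest
    body = bytes([0x02, 0x01, message_id]) + op             # messageID INTEGER
    return bytes([0x30, len(body)]) + body                  # LDAPMessage SEQUENCE

def _skip_len(data: bytes, i: int) -> int:
    """Return the index just past the BER length field that starts at data[i]."""
    first = data[i]
    return i + 1 if first < 0x80 else i + 1 + (first & 0x7F)

def classify_first_bytes(data: bytes) -> str:
    """Classify a client's opening bytes on an LDAP listener.

    Returns 'ldaps', 'ldap+starttls', 'ldap-cleartext', 'unknown' or 'incomplete'.
    """
    try:
        # TLS record header: content type 0x16 (handshake), major version 0x03.
        if data[0] == 0x16 and data[1] == 0x03:
            return "ldaps"
        # Every LDAP PDU is a BER SEQUENCE: tag 0x30, length, messageID, operation.
        if data[0] != 0x30:
            return "unknown"
        i = _skip_len(data, 1)
        if data[i] != 0x02:            # messageID must be an INTEGER
            return "unknown"
        op_tag = data[i + 2 + data[i + 1]]
    except IndexError:
        return "incomplete"
    if op_tag == 0x77 and STARTTLS_OID in data:
        return "ldap+starttls"
    return "ldap-cleartext"            # bind, search, etc. sent without TLS

# Constructed samples: start of a TLS ClientHello, and an anonymous simple bind.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
SAMPLE_ANON_BIND = bytes.fromhex("300c020101600702010304008000")

if __name__ == "__main__":
    for label, blob in [("tls", SAMPLE_CLIENT_HELLO), ("bind", SAMPLE_ANON_BIND),
                        ("starttls", starttls_request())]:
        print(label, "->", classify_first_bytes(blob))
```

Feed it the first client-to-server payload from a packet capture of the port in question; a result of 'ldap-cleartext' means the client is sending operations with no TLS at all.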