Re: Help with openldap and starttls

--On Thursday, April 15, 2010 3:55 PM -0700 john espiro <john_espiro@yahoo.com> wrote:

> Ok - this is actually very helpful...
>
> So I think I have just one set of remaining questions:
>
> 1) In /etc/openldap/ldap.conf, I currently have:
> URI     ldapi://

This says the clients should default to using the ldapi:/// socket. Compare that to the options you are providing to slapd, to see if you think this will work.

> 2) what command line parameters do I want to run openldap with?
> Currently mine is running with:
>  /usr/sbin/slapd -u ldap -h ldap:// ldaps://
>
> It seems I should at least be removing the *:636 part since it will be
> using STARTTLS, correct?

It's up to you. Some old pieces of software don't support startTLS. Some poorly written modern pieces of software don't support it either.
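The comparison suggested in the reply above, as an added example that is not part of the original thread: it extracts the URI scheme(s) from ldap.conf text and the listener scheme(s) after `-h` on a slapd command line, then lists client schemes that no listener serves. The sample inputs are constructed from the values quoted in the thread, the function names are hypothetical, and the command line is assumed to be in the form `ps` prints it. StartTLS is negotiated on an `ldap://` listener, `ldaps://` is TLS from connect, and `ldapi://` is a Unix domain socket.

```shell
#!/bin/sh
# Added example: compare the ldap.conf client default URI scheme(s) with the
# listener scheme(s) slapd was started with. Not code from the thread.

# Constructed sample inputs mirroring the values quoted in the thread.
SAMPLE_LDAP_CONF='# constructed sample of /etc/openldap/ldap.conf
URI     ldapi://
'
SAMPLE_SLAPD_CMD='/usr/sbin/slapd -u ldap -h ldap:// ldaps://'

# Print the scheme of every URI listed on "URI" lines of ldap.conf text.
client_schemes() {
    printf '%s\n' "$1" | awk 'toupper($1) == "URI" {
        for (i = 2; i <= NF; i++) { split($i, p, ":"); print tolower(p[1]) }
    }' | sort -u
}

# Print the scheme of every listener URL that follows -h on a slapd command
# line (assumption: the URL list ends at the next option or end of line).
listener_schemes() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) if ($i == "-h") {
            for (j = i + 1; j <= NF && $j !~ /^-/; j++) {
                split($j, p, ":"); print tolower(p[1])
            }
        }
    }' | sort -u
}

# Print the client schemes that no slapd listener serves (empty if none).
unserved_schemes() {
    listeners=$(listener_schemes "$2")
    missing=""
    for s in $(client_schemes "$1"); do
        printf '%s\n' "$listeners" | grep -qx "$s" || missing="$missing$s "
    done
    printf '%s' "${missing% }"
}

echo "client schemes with no listener: $(unserved_schemes "$SAMPLE_LDAP_CONF" "$SAMPLE_SLAPD_CMD")"
```
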



