
RE: [EXTERNAL] Re: back-ldap and ldaps not working



--On Friday, July 07, 2017 9:39 PM +0000 Jon C Kidder <jckidder@aep.com> wrote:

Yeah, that's actually how I started and where the starttls=no setting
came from.

This .conf section

overlay                 chain
chain-uri               "ldaps://ds2-q.global.aep.com"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod=simple
                        binddn="cn=syncuser,ou=Automatons,ou=Users,dc=Global,dc=aep,dc=com"
                        credentials=<redacted>
                        mode="self"
chain-tls               ldaps
                        tls_cacert=/appl/openldap/etc/openldap/tls/cacerts.cer
chain-return-error      TRUE


Hm, if the conversion is adding that "starttls=no" to the cn=config database, that seems like a serious bug in the conversion process.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>