Phil Dibowitz wrote:
The server is set up with its SSL and TLS certs.
IF I put 'ssl start_tls' in ldap.conf on the clients, I can see the
traffic on port 389 and it's in _plain text_. At some point the
client should issue 'start_tls' and from then on it should be
encrypted. But it's not.
BUT IF I put "URI ldaps://ip.of.my.host/" in the ldap.conf on the
clients, and then I sniff 636 I see an encrypted channel with no plain
text data (other than the SSL certificate being passed). And of
course I see no traffic on port 389.
I need to qualify this. I was slightly incorrect in my report. TLS
*DOES* seem to work for clients that are not the server.
TLS does *not* seem to work for the server being a client unto itself.