Re: OpenLDAP issues when connecting over SSL

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 03:44 PM 1/21/2007, Jean-Yves Avenard wrote:
>On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
>>Given other clients seem to work well using ldaps://,
>>it seems more likely that this particular client is
>>not properly configured or is otherwise flawed.
>
>Unfortunately, I have no play on how to configure this client as this
>is one major one !

You might ask on a list supporting the particular client you
are using how to configure this client to secure LDAP with TLS
(SSL).

>Actually, two quite common do not work with OpenLDAP over SSL :(
>But they will work fine over a non encrypted link
>
>>I guess that the client is configured to use ldap://server:636
>>not ldaps://server:636.
>That was my guess also.
>I there anything I can do on the server side to get over the flaw of
>broken clients ?

If the client doesn't support securing LDAP with TLS (SSL),
either by using ldaps:// or by using ldap:// with Start TLS,
there is nothing the server can do to change that.   You
can configure the server to support ldap:// on port 636 instead
of ldaps:// if you want, but I don't recommend doing so.

Kurt