Sent from my iPhone

> a) Even the debian openldap packagers recommend against using their packages
> for a production LDAP service
> b) GnuTLS is known to be problematic
> c) The Debian packages are ancient
>
> Looking back over your config, I do see this:
> ExtLookupCryptox tls # Sets the use of TLS on backend communication (only compatible with LDAPv3)
>
> My guess is that this tells DSPAM to use "startTLS". ldaps and startTLS are
> mutually exclusive. Try commenting this line out.
>
> --Quanah

Ok, a couple of things. I looked at the source and you're right: setting ExtLookupCryptox (actually this is ExtLookupCrypto in the source code but I tried that setting and it doesn't work either) makes a call to start TLS.

I think the problem might be that DSPAM hard codes the scheme to "ldap" when it should be "ldaps" in my case. I think the best thing would be to just drop the scheme assembling and just let the user specify the uri themselves. The crypto parameter should also make it clear that it's doing start TLS which isn't the same thing as "ldaps".

Thanks for the info about start TLS vs ldaps. I hadn't known that.

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
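
The change proposed in the message above (take the LDAP URI from the user and treat the crypto setting strictly as StartTLS), as an added example; this is not DSPAM's code, and every function, enum and struct name in it is hypothetical. It rejects the `ldaps://` plus StartTLS combination at configuration time instead of failing at connect time.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; not taken from the DSPAM source. */
enum ldap_sec { SEC_NONE, SEC_STARTTLS, SEC_LDAPS, SEC_CONFLICT, SEC_BAD_URI };
struct ldap_target { char host[256]; int port; enum ldap_sec sec; };

/* Case-insensitive prefix match; scheme must be given in lower case. */
static int has_scheme(const char *uri, const char *scheme) {
    while (*scheme)
        if (tolower((unsigned char)*uri++) != *scheme++) return 0;
    return 1;
}

/* Derive host, port and transport security from a user-supplied URI
 * and a separate "use StartTLS" flag. */
enum ldap_sec resolve_ldap_target(const char *uri, int want_starttls,
                                  struct ldap_target *out) {
    int implicit_tls; const char *rest; size_t hlen;
    memset(out, 0, sizeof *out);
    if (has_scheme(uri, "ldaps://"))     { implicit_tls = 1; rest = uri + 8; }
    else if (has_scheme(uri, "ldap://")) { implicit_tls = 0; rest = uri + 7; }
    else return out->sec = SEC_BAD_URI;
    /* host[:port], up to the first '/'; IPv6 literals are not handled */
    hlen = strcspn(rest, ":/");
    if (hlen == 0 || hlen >= sizeof out->host)
        return out->sec = SEC_BAD_URI;
    memcpy(out->host, rest, hlen);
    out->port = implicit_tls ? 636 : 389;   /* default ports per scheme */
    if (rest[hlen] == ':' && (sscanf(rest + hlen + 1, "%d", &out->port) != 1
                              || out->port < 1 || out->port > 65535))
        return out->sec = SEC_BAD_URI;
    /* ldaps:// is TLS from the first byte; StartTLS on top is a config error */
    if (implicit_tls && want_starttls) return out->sec = SEC_CONFLICT;
    if (implicit_tls) return out->sec = SEC_LDAPS;
    return out->sec = want_starttls ? SEC_STARTTLS : SEC_NONE;
}

int main(void) {
    struct ldap_target t;
    /* Constructed inputs: the combination discussed in the thread, then the fix. */
    if (resolve_ldap_target("ldaps://ldap.example.org", 1, &t) == SEC_CONFLICT)
        puts("config error: ldaps:// URI with StartTLS enabled; pick one");
    if (resolve_ldap_target("ldap://ldap.example.org", 1, &t) == SEC_STARTTLS)
        printf("connect to %s:%d, then issue StartTLS\n", t.host, t.port);
    return 0;
}
```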