Full_Name: Douglas Klima
Version: 2.3.
OS: Linux
URL: 
Submission from: (NULL) (216.155.111.10)


I was looking for a way to make TLS the default in
/etc/openldap/ldap.conf; however, it currently seems impossible. You can
specify LDAP over clear text and LDAP over SSL but you can't specify
LDAP over TLS (I'm talking about "start_tls"). It seems like ldaps:// is
deprecated in favor of ldap:// + TLS, which is why I'm trying to
configure this.

Currently my /etc/openldap/ldap.conf looks like:
BASE    dc=example,dc=com
URI     ldap://srv1.example.com ldap://srv2.example.com
TLS_REQCERT     demand
TLS_CACERTDIR   /etc/ssl/certs

If I do the following:
$ ldapsearch
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required

If I change URI to have "ldaps://srv1.example.com:389", then
$ ldapsearch
just hangs until it times out. Clearly it's not using start_tls.

Now if I change URI back to its original setting and do:

$ ldapsearch -Z
....
# search result
search: 3
result: 0 Success

# numResponses: 54
# numEntries: 53

I get a successful lookup. I'm basically looking for a way to pass "-Z"
in /etc/openldap/ldap.conf and in .ldaprc

Initially I tried to send this to the OpenLDAP ML but was told by MacJobBz to
submit this to ITS.
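Editor's note with an added example (not part of this ITS submission and not OpenLDAP code): as the report says, ldap.conf(5) has no keyword that does what the tools' -Z flag does, so in practice the flag has to come from the command line. The wrapper below reads the URI from an ldap.conf-style file, refuses the ldaps://host:389 mistake from the report (a TLS handshake sent to the cleartext listener, which is why that run hangs), and builds an ldapsearch command that uses -ZZ rather than -Z. The distinction matters: a single -Z only attempts StartTLS and continues in cleartext if the server refuses it, while -ZZ makes the tool fail instead. The hostnames, config file and base DN are constructed to mirror the report; ldapsearch is assumed to be on PATH when the printed command is actually run.

```shell
#!/bin/sh
# Added example, not part of the ITS submission or of OpenLDAP: a small
# wrapper that makes StartTLS mandatory for ldapsearch. ldap.conf(5) has no
# keyword equivalent to the tool's -Z flag, so the flag must come from the
# command line. Assumptions: OpenLDAP's ldapsearch is on PATH when the
# printed command is run; the config file uses ldap.conf syntax; hostnames,
# paths and the base DN below are constructed for illustration.

# Print the first URI on the URI line of an ldap.conf-style file.
# (A URI line may list several servers; the first one decides the scheme here.)
first_uri() {
    awk 'toupper($1) == "URI" { print $2; exit }' "$1"
}

# Classify a URI by how confidentiality is obtained:
#   starttls      - ldap://   : plaintext port, StartTLS must be requested
#   ldaps         - ldaps://  : TLS from the first byte, on its own port
#   misconfigured - ldaps://host:389 : TLS handshake aimed at the plaintext
#                   listener, which is why the reporter's run just hangs
tls_mode() {
    case "$1" in
        ldaps://*:389) echo misconfigured ;;
        ldaps://*)     echo ldaps ;;
        ldap://*)      echo starttls ;;
        *)             echo unknown ;;
    esac
}

# Build the ldapsearch command line for a URI plus any extra arguments.
# For ldap:// we pass -ZZ, not -Z: a single -Z only attempts StartTLS and
# falls back to cleartext if the server refuses it; -ZZ makes the tool fail
# instead. The command is printed, not executed, so it can be checked offline.
build_cmd() {
    uri=$1
    shift
    case "$(tls_mode "$uri")" in
        starttls)      echo "ldapsearch -ZZ -H $uri $*" ;;
        ldaps)         echo "ldapsearch -H $uri $*" ;;
        misconfigured) echo "refusing: $uri sends TLS to the cleartext port" >&2; return 1 ;;
        *)             echo "refusing: unsupported URI $uri" >&2; return 1 ;;
    esac
}

# Demo on a constructed config that mirrors the one in the report.
cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT
cat > "$cfg" <<'EOF'
BASE    dc=example,dc=com
URI     ldap://srv1.example.com ldap://srv2.example.com
TLS_REQCERT     demand
TLS_CACERTDIR   /etc/ssl/certs
EOF

uri=$(first_uri "$cfg")
echo "would run: $(build_cmd "$uri" -b dc=example,dc=com "$@")"
```

To use it for real, replace the final echo with an eval of the built command, or wrap it in a shell alias; TLS_REQCERT demand and TLS_CACERTDIR from the real ldap.conf still apply because the tool reads that file regardless of the flag.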

