This appears to be the same as ITS#5039. This ITS will be closed; you can follow up to #5039.
[EMAIL PROTECTED] wrote:
> Full_Name: Douglas Klima
> Version: 2.3.
> OS: Linux
> URL:
> Submission from: (NULL) (216.155.111.10)
>
>
> I was looking for a way to make TLS the default in
> /etc/openldap/ldap.conf, however it currently seems impossible. You can
> specify LDAP over clear text and LDAP over SSL but you can't specify
> LDAP over TLS (I'm talking about "start_tls"). It seems like ldaps:// is
> deprecated in favor of ldap:// + TLS, which is why I'm trying to
> configure this.
>
> Currently my /etc/openldap/ldap.conf looks like:
> BASE dc=example,dc=com
> URI ldap://srv1.example.com ldap://srv2.example.com
> TLS_REQCERT demand
> TLS_CACERTDIR /etc/ssl/certs
>
> If I do the following:
> $ ldapsearch
> ldap_bind: Confidentiality required (13)
> additional info: TLS confidentiality required
>
> If I change URI to have "ldaps://srv1.example.com:389", then
> $ ldapsearch
> just hangs until it times out. Clearly it's not using start_tls.
>
> Now if I change URI back to its original setting and do:
>
> $ ldapsearch -Z
> ....
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 54
> # numEntries: 53
>
> I get a successful lookup. I'm basically looking for a way to pass "-Z"
> in /etc/openldap/ldap.conf and in .ldaprc
>
> Initially I tried to send this to the OpenLDAP ML but was told by MacJobBz to
> submit this to ITS.
>
>

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
