Have had a public-facing OpenLDAP server set up, pointing to Windows Server 2008 
on the back end for auth.
AD servers are being migrated to Server 2012 R2, and I see this error on the 
Windows side when OpenLDAP tries to authenticate to them:

"An TLS 1.2 connection request was received from a remote client application, 
but none of the cipher suites supported by the client application are supported 
by the server. The SSL connection request has failed."

"A fatal alert was generated and sent to the remote endpoint. This may result 
in termination of the connection. The TLS protocol defined fatal error code is 
40. The Windows SChannel error state is 1205."

I've spent the last few days trying different configs, and reading Microsoft 
forums, and haven't been able to figure it out.  Apparently MS changed the TLS 
configs with 2012R2 and it doesn't support a key length I am using.  I've tried 
to disable TLS 1.2 on the OpenLDAP side using TLSCiperSuite in slapd.conf, but 
OpenLDAP fails to start with "main: TLS init def ctx failed: -1".