Peter Param a écrit :
Hi all,
I'm trying to authenticate to a LDAPS backend but failing. Any suggestions?
Is it an LDAP server answering on LDAPS connections (LDAP+SSL on port 636) or an LDAP server answering on LDAP connections that are then secured by Start-TLS (LDAP on port 389 + Start-TLS) ? These are 2 different options.
ldap people_search { server = "ldap1.stvincents.com.au" port = 636
==> This implies an ldaps server
identity = "cn=admin,o=org,c=au" password = *** filter = "(cn=%u)" basedn = "ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au" tls { tls_mode = yes # to the LDAP database by using the StartTLS extended # operation. # # The StartTLS operation is supposed to be # used with normal ldap connections instead of # using ldaps (port 689) connections start_tls = yes
==> this is not compliant with and ldaps server use start_tls=no By the way, Alan and other Gurus, I think there is a small typo in the comment: # using ldaps (port 689) connections Should be # using ldaps (port 636) connections HTH, Thibault