Quanah Gibson-Mount wrote:
>
> --On Saturday, October 3, 2020 12:36 AM +0000 Siddharth Jain
> <[email protected]> wrote:
>
>> But ldapsearch throws an error:
>>
>> $ ldapsearch -d 1 -x -H ldaps://ldap.foo.com:636 ... -ZZ
>
> This is not valid.
>
> Either you:
>
> (a) use ldap:// with -ZZ (startTLS)
>
> OR
>
> (b) use ldaps://
>
> Both will result in a TLS secured connection if successful
>
> But you absolutely CANNOT combine startTLS + ldaps://

Also, TLS_CERT/TLS_KEY are user-only directives. Re-read the ldap.conf(5) manpage.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
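Added example (not part of the original messages and not OpenLDAP code): a small shell lint for the two mistakes pointed out in this thread, StartTLS requested on an ldaps:// URI and TLS_CERT/TLS_KEY placed in a system-wide ldap.conf. The function names, file paths and sample config lines are assumptions made up for illustration; only -Z/-ZZ given as separate arguments are recognized.

```shell
#!/bin/sh
# Added example, not OpenLDAP code. Function names are hypothetical.

# Return 1 if an ldapsearch-style argument list asks for StartTLS (-Z/-ZZ)
# on an ldaps:// URI, 0 otherwise. -H may be attached (-Hldaps://...) or
# given as a separate argument; -Z/-ZZ must be separate arguments.
check_ldap_args() {
    cla_ldaps=0; cla_starttls=0; cla_prev=
    for cla_arg in "$@"; do
        case $cla_arg in
            -H[Ll][Dd][Aa][Pp][Ss]://*) cla_ldaps=1 ;;
            [Ll][Dd][Aa][Pp][Ss]://*)
                if [ "$cla_prev" = "-H" ]; then cla_ldaps=1; fi ;;
            -Z|-ZZ) cla_starttls=1 ;;
        esac
        cla_prev=$cla_arg
    done
    if [ "$cla_ldaps" -eq 1 ] && [ "$cla_starttls" -eq 1 ]; then
        echo "invalid: ldaps:// is already TLS; use ldap:// with -ZZ, or drop -ZZ" >&2
        return 1
    fi
    return 0
}

# Print (with line numbers) any TLS_CERT / TLS_KEY lines in config file $1
# and return 1 if there are any. Intended for the system-wide ldap.conf,
# since the reply calls these user-only directives (see ldap.conf(5)).
# Lines commented out with '#' are not reported.
find_user_only_directives() {
    if grep -n -i -E '^[[:space:]]*TLS_(CERT|KEY)[[:space:]]' "$1"; then
        return 1
    fi
    return 0
}

# Demo on constructed input (host name as in the thread, paths made up).
check_ldap_args -x -H ldaps://ldap.foo.com:636 -ZZ || echo "rejected"
check_ldap_args -x -H ldap://ldap.foo.com -ZZ && echo "accepted (StartTLS)"
check_ldap_args -x -H ldaps://ldap.foo.com:636 && echo "accepted (ldaps)"
demo_conf=$(mktemp)
printf '%s\n' 'TLS_CACERT /etc/ssl/ca.pem' 'TLS_CERT /etc/ssl/client.pem' \
    '#TLS_KEY /etc/ssl/client.key' > "$demo_conf"
find_user_only_directives "$demo_conf" || echo "user-only directive found"
rm -f "$demo_conf"
```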
