Re: [Exim] Forcing TLS in LDAP lookups

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] Forcing TLS in LDAP lookups
On Fri, Oct 10, 2003 at 05:54:29PM +0200, Sheldon Hearn wrote:
> On (2003/10/07 14:35), Tony Earnshaw wrote:
> > Suresh Ramasubramanian wrote:
> > >>Does anyone know how to force StartTLS for Exim LDAP lookups, ie.
> > >>encryption over port 389. ldaps appears to talk SSL over port 636.
> > >
> > >http://www.billy.demon.nl/Eximldap.html
> >
> > But this does not describe TLS on port 389 for ldap. As Dave surmises,
> > Exim (as opposed to recent Postfix snapshot versions, for example) can't
> > use TLS for LDAP lookups, only for SMTP AUTH.
>
> So what does it describe then? The ldaps:// URI means "LDAP over an
> encrypted TLS connection".
Either you have a daemon listening on an alternative port that expects
to negotiate the terms of SSL encryption immediately on connect (can
be done using stunnel), or you have a daemon that listens on the normal
port and accepts unencrypted sessions, and a new command STARTTLS that
starts SSL encryption on the existing connection.

Compare with "-tls-on-connect" in exim's spec.txt about SMTP.
             cu andreas
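The two models Andreas contrasts differ in the very first bytes a client sends: with ldaps:// (TLS on connect, port 636) the first bytes are a TLS handshake record; with STARTTLS on port 389 the first bytes are a cleartext LDAPMessage carrying the StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037, RFC 2830/4511), and only after the server's ExtendedResponse does TLS begin. The following is an added example, not code from the thread or from Exim: it BER-encodes the StartTLS request and a plain BindRequest and classifies a connection's opening bytes into the two models. The TLS ClientHello prefix is constructed sample data, and the helper names are my own.

```python
"""Wire-level view of LDAP TLS-on-connect (ldaps://) versus STARTTLS on port 389."""

# StartTLS extended operation OID (RFC 2830 / RFC 4511).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# Constructed sample: first bytes of a TLS 1.x ClientHello record
# (content type 0x16 = handshake, record version 3.1). Not a real capture.
TLS_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """BER INTEGER for a non-negative value (leading 0x00 added when the top bit is set)."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))


def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(0x30, ber_int(msg_id) + protocol_op)


def starttls_request(msg_id: int = 1) -> bytes:
    """ExtendedRequest [APPLICATION 23] (tag 0x77) with requestName [0] (tag 0x80) = StartTLS OID.

    This is what a STARTTLS-capable client sends in cleartext on port 389 before any TLS.
    """
    request_name = tlv(0x80, STARTTLS_OID.encode("ascii"))
    return ldap_message(msg_id, tlv(0x77, request_name))


def anonymous_bind_request(msg_id: int = 1) -> bytes:
    """BindRequest [APPLICATION 0] (tag 0x60): version 3, empty DN, simple auth, empty password."""
    body = ber_int(3) + tlv(0x04, b"") + tlv(0x80, b"")
    return ldap_message(msg_id, tlv(0x60, body))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the TLV at buf[pos:]; return (tag, value, position after it). Raises IndexError if short."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def classify_first_bytes(data: bytes) -> str:
    """Classify a client's opening bytes on a fresh TCP connection.

    'tls-on-connect' : a TLS handshake record, i.e. the ldaps:// model (port 636, stunnel-style).
    'ldap-starttls'  : cleartext LDAPMessage whose protocolOp is the StartTLS ExtendedRequest.
    'ldap-cleartext' : any other cleartext LDAPMessage (a BindRequest, say): no TLS at all.
    'unknown'        : neither.
    """
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-on-connect"
    try:
        tag, body, _ = read_tlv(data)
        if tag != 0x30:
            return "unknown"
        _, _, pos = read_tlv(body)            # skip messageID
        op_tag, op_body, _ = read_tlv(body, pos)
        if op_tag == 0x77:
            name_tag, name, _ = read_tlv(op_body)
            if name_tag == 0x80 and name == STARTTLS_OID.encode("ascii"):
                return "ldap-starttls"
        return "ldap-cleartext"
    except IndexError:
        return "unknown"


if __name__ == "__main__":
    for label, sample in (("ldaps", TLS_CLIENT_HELLO_PREFIX),
                          ("starttls", starttls_request()),
                          ("plain bind", anonymous_bind_request())):
        print(f"{label:10s} {sample[:8].hex()}... -> {classify_first_bytes(sample)}")
```

The point for the thread: an ldaps:// URI asks for the first model, so a server (or an stunnel wrapper in front of a plain LDAP daemon) must speak TLS from the first byte on that port; a client that only knows STARTTLS will instead send the cleartext ExtendedRequest above and must not be pointed at a TLS-on-connect port, and vice versa.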