[Pdns-users] PowerDNS + TLS, How should Slapd be setup?

Norbert Sendetzky norbert at linuxnetworks.de
Tue Feb 17 22:57:58 UTC 2009

Hi Joshua

> I've been at this too long.  Turned off ldap-starttls, and it hooked up to
> the ldaps://URI just fine.  Hah!

ldap-starttls is only allowed if ldap-host is a ldap:// URI or a host name / 
IP address. It's not allowed for ldaps:// URIs as SSL and TLS does exclude 

> But, the Assertion failure still happens when you have ldap-starttls=yes
> and ldap-host is in the form of ldap://ldap.mydomain.com/, which
> corresponds with the documentation on the ldap-backend website, so I think
> that sounds like a bug?
> Of course, my slapd is still running in ldaps-only mode, so maybe the
> daemon isn't dealing with a return value properly?

If you LDAP server only listens to port 636 (ldaps://), you won't be able to 
connect via ldap:// and/or TLS as ldap:// schemas will tell the LDAP library 
to connect to port 389.

OpenPGP public key

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20090217/f3d47352/attachment-0001.sig>

More information about the Pdns-users mailing list