Viktor Dukhovni wrote: > On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote: > >>> Another option is to use LDAP's "STARTTLS" support on port 389. >> >> It seems the config to require it is a bit obscure; >> http://www.openldap.org/lists/openldap-technical/201202/msg00414.html >> might be useful. > > Note, the above is for enforcing STARTTLS on the server. If the > decision is left to the client, the configuration is less opaque.
Command-line option of OpenLDAP command-line tools for using StartTLS extended operation on clear-text port 389: -Z Start TLS request (-ZZ to require successful response) Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
