I had to build the nss_ldap-226-10 rpm package from source for tls to work. I downloaded the source rpm from rpm.pbone.net (couldn't find it at ftp.scientificlinux.org).

Here is what I did to enable TLS with ldap:

edit /etc/ldap.conf
-comment line: host myldapserver:389
-comment line: ssl start_tls
-append lines:
uri ldaps://myldapserver
ssl on

edit /etc/openldap/ldap.conf
-append line (I have a self-signed cert):
TLS_REQCERT allow

nss_ldap package uses config file /etc/ldap.etc but openssl library looks at /etc/openldap/ldap.conf

--
Chris Hunter
Systems Programmer
Department of Astronomy, Yale University

Quoting Matt Cuttler:

>
> Chris Hunter wrote:
>> Hi,
>>
>> Does anyone know if the nss_ldap rpm package in SL4x (nss_ldap-226-10)
>> is compiled with ssl support?
>
> Chris,
>
> I have some production machines, actively used, where the accounts are
> stored in LDAP. The machines are RHEL4u3.
>
> The ldap.conf specifies a URI which uses the 'alternate port' of 636 aka
> ldaps. I'd imagine that STARTTLS on port 389 would work just as well,
> but I haven't tried it.
>
>
> I can give you more specifics if you need..
>
>
> -Matt Cuttler
>
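
An added example, not part of the original thread: a small shell audit of the two client files edited in the message above. It reports whether the connection is encrypted and whether the server certificate is actually verified, first with the posted settings (`TLS_REQCERT allow`) and then with the self-signed certificate trusted explicitly through `TLS_CACERT` and `TLS_REQCERT demand`. The function names, the constructed sample files, the placeholder certificate path and the "last uncommented line wins" parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two client files it edits.

# last_value FILE KEY: value of the last uncommented "KEY value" line (key is case-insensitive).
last_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_ldap_tls NSS_CONF OPENLDAP_CONF: one finding per line; returns 1 if any is WEAK.
audit_ldap_tls() {
    rc=0
    uri=$(last_value "$1" uri)
    ssl=$(last_value "$1" ssl)
    reqcert=$(last_value "$2" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(last_value "$2" TLS_CACERT)

    case "$uri" in
        ldaps://*) echo "OK   transport: $uri" ;;
        *) if [ "$ssl" = start_tls ]; then echo "OK   transport: StartTLS"
           else echo "WEAK transport: no ldaps uri and no start_tls"; rc=1; fi ;;
    esac
    case "$reqcert" in
        demand|hard) echo "OK   TLS_REQCERT $reqcert: server certificate must verify" ;;
        "") echo "INFO TLS_REQCERT not set: library default applies" ;;
        never|allow|try) echo "WEAK TLS_REQCERT $reqcert: session can proceed without a verified server certificate"; rc=1 ;;
        *) echo "WEAK TLS_REQCERT $reqcert: unrecognised value"; rc=1 ;;
    esac
    [ -n "$cacert" ] && echo "OK   TLS_CACERT $cacert" || echo "INFO TLS_CACERT not set: no trust anchor pinned in this file"
    return $rc
}

# Constructed sample files holding the settings from the post, in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#host myldapserver:389' '#ssl start_tls' 'uri ldaps://myldapserver' 'ssl on' > "$d/ldap.conf"
    printf '%s\n' 'TLS_REQCERT allow' > "$d/openldap.conf"
    audit_ldap_tls "$d/ldap.conf" "$d/openldap.conf" || echo "=> certificate verification is not enforced"
    # Same client with the self-signed certificate trusted explicitly (path is a placeholder).
    printf '%s\n' 'TLS_CACERT /path/to/myldapserver-cert.pem' 'TLS_REQCERT demand' > "$d/openldap.conf"
    audit_ldap_tls "$d/ldap.conf" "$d/openldap.conf"
    rm -rf "$d"
}
demo
```

On a real host, call `audit_ldap_tls /etc/ldap.conf /etc/openldap/ldap.conf` instead of `demo`.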