Anyone get openldap 2.x and ssl/tls to work?  I'd like to force the
ssl/tls stuff on the client side.

I'm running openldap 2.0.21-1 and openssl-0.9.6b-8.

Questions:

1. Do I need to recompile openldap to enable TLS support?  I just
installed the 2.0.21-1 rpms.

2. Which values do I need to set in ldap.conf on the clients?  I have:

ssl start_tls
ssl on

Anything else I need to specify?

3. I added the following to my slapd.conf:

TLSCertificateFile      /etc/openldap/server.pem
TLSCertificateKeyFile   /etc/openldap/server.pem
TLSCACertificateFile    /etc/openldap/server.pem

Anything else I need here?

I've searched for documentation on this topic but haven't found a lot.  
The FAQ at openldap.org indicates SSL/TLS support isn't well tested
(http://www.openldap.org/faq/index.cgi?_highlightWords=ssl&file=185)

Note: everything works using just port 389 (non-ssl).  I'm testing
by running slapd with just ldaps:/// and just using a simple 
ldapsearch -H ldaps:///

Thank you.

-- 
Amy Tanner
amy at real-time.com
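An added sanity check, not part of the original post, for the server.pem that all three slapd.conf TLS directives point at: since the same file is named as TLSCertificateKeyFile, it must hold a private key as well as a certificate, and a file carrying the key should not be readable by other users on the host. The path is the one from the post; the function name and the check itself are my own.

```sh
#!/bin/sh
# check_tls_pem: verify the single PEM file used for TLSCertificateFile,
# TLSCertificateKeyFile and TLSCACertificateFile in slapd.conf.
# Returns 0 when the file has a certificate, a private key, and no
# read permission for "other"; prints each problem found and returns 1.
check_tls_pem() {
    pem="$1"
    if [ ! -r "$pem" ]; then
        echo "$pem: missing or not readable by this user"
        return 1
    fi
    # Count PEM blocks; "|| true" keeps grep's exit status 1 (no match)
    # from aborting a caller that runs under set -e.
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    keys=$(grep -c -E -- '-----BEGIN (RSA |DSA |EC )?PRIVATE KEY-----' "$pem" || true)
    rc=0
    if [ "$certs" -lt 1 ]; then
        echo "$pem: no certificate block (TLSCertificateFile/TLSCACertificateFile need one)"
        rc=1
    fi
    if [ "$keys" -lt 1 ]; then
        echo "$pem: no private key block (TLSCertificateKeyFile needs one)"
        rc=1
    fi
    # Mode string from ls -l, e.g. "-rw-------": characters 8-10 are the
    # permissions for "other". A file holding the key must not expose them.
    if [ "$keys" -ge 1 ]; then
        case "$(ls -ld "$pem")" in
            ???????---*) ;;
            *) echo "$pem: readable by others, but it contains the private key"; rc=1 ;;
        esac
    fi
    return $rc
}

# Run against the path from the post when invoked directly with an argument.
if [ $# -gt 0 ]; then
    check_tls_pem "$1"   # e.g. ./check_tls_pem.sh /etc/openldap/server.pem
fi
```

Because TLSCACertificateFile here is the server's own (self-signed) certificate, each client also needs a copy of that certificate named in its ldap.conf via TLS_CACERT, or it has nothing to verify the server against.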