RE: LDAP Plugin with start_tls

Answering my own questions: It doesn't work. The plugin uses ldapts which requires an explicit call to startTLS(). Since there's no explicit call to that method that I can find, it seems likely that this just isn't supported.

I'm trying to configure the ldap plugin to authenticate against my LDAP server (openldap 2.4), but running a test returns an error from the server which I believe indicates it's not using TLS, which my server requires. It's not using LDAP over an SSL tunnel (ldaps); but the server is configured to require TLS. For most of my unix clients, that means adding "ssl start_tls" to the relevant ldap.conf file. I also set the location of the certificateAuthorities. IIUC, that should be the name of a file on the system which contains the root certificate of the certificate used by the LDAP server.

The error in the log is:

confidentiality required Code: 0xd

Any idea how I can confirm if I've correctly identified the problem, and if so how to configure it properly?

Thanks!