Open wjcarpenter opened 4 years ago
Marked as a feature request. We don't support STARTTLS and honestly it's a low priority. So few applications support it that it just doesn't come up much. What's your use case for using STARTTLS?
I'm trying to configure my roundcube.net webmail client to use LDAP. Although they are currently on the same host, I don't know if that will always be the case. They have a config option "use_tls", but AFAICT it triggers the use of STARTTLS. I haven't finished my experiments yet. It's possible that there is a way to get it to do LDAPS, and I just haven't found it.
(They have a wiki page about it, https://github.com/roundcube/roundcubemail/wiki/Configuration:-LDAP-Address-Books, but it's pretty light on the details beyond the example they give. I've been prowling the roundcube PHP sources to try to figure it out.)
What happens with use_tls set to true and pointed to the secure port?
MyVD reports the TLS handshake failed and suggests it might be a non-secure connection attempt.
I believe Apache DS natively supports STARTTLS on connections. I haven't been able to work out whether MyVD supports it. (So far, things I have tried have not worked.) Is it possible? If not, could it be added as an enhancement request?
As a companion to that, it would be great to have a config that would only complete opening connections and accepting credentials if the connection were protected either by LDAPS or STARTTLS (maybe with the exception of localhost connections).
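The two things discussed in this thread can be seen at the byte level: an LDAPS listener expects a TLS handshake record first, while a STARTTLS client first sends a plaintext LDAP extended request. The following is an added Python example, not MyVD or Roundcube code; it labels the first bytes a client sends and applies the requested "TLS or localhost only" bind policy. The function names and sample byte strings are constructed for illustration.

```python
import ipaddress

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element; ValueError if truncated."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_first_bytes(data):
    """Label what a client sent first on a freshly accepted connection."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"             # what an LDAPS listener expects
    try:
        tag, msg, _ = read_tlv(data)
        if tag != 0x30:                    # every LDAPMessage is a SEQUENCE
            return "unknown"
        id_tag, _, pos = read_tlv(msg)     # messageID INTEGER
        op_tag, op, _ = read_tlv(msg, pos)
        if id_tag != 0x02:
            return "unknown"
        if op_tag == 0x77:                 # [APPLICATION 23] ExtendedRequest
            name_tag, name, _ = read_tlv(op)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "ldap-starttls"
        return "ldap-plaintext"
    except ValueError:
        return "unknown"

def bind_allowed(tls_active, peer_ip):
    """Policy from the request: credentials only over TLS, or from loopback."""
    return tls_active or ipaddress.ip_address(peer_ip).is_loopback

# Constructed samples: StartTLS request, anonymous simple bind, TLS record prefix.
STARTTLS_REQUEST = bytes.fromhex("301d02010177188016") + STARTTLS_OID
PLAIN_BIND = bytes.fromhex("300c02010160070201030400" "8000")
TLS_HELLO_PREFIX = bytes.fromhex("16030100050100000100")

if __name__ == "__main__":
    for sample in (STARTTLS_REQUEST, PLAIN_BIND, TLS_HELLO_PREFIX):
        print(classify_first_bytes(sample))
```

A listener that only speaks LDAPS will fail its handshake on the first two samples, since they begin with 0x30 instead of a TLS record header.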