The mailing list for listmasters using Sympa

[Warren G Anderson <address@concealed>]

Hi,

We perform a number of tasks via ldap queries, including scenarios using 
named searches. Recently, one of our upstream LDAP services reconfigured 
to stop using starttls and use only ldaps for connections. I changed the 
named search syntax as follows:

host            <fqdn.ldap.org>:636
suffix          ou=people,dc=domain,dc=org
filter          (my cool filter here)
scope           sub

(just changing 389 to 636 basically)

but the upstream service is refusing connections. However, we also use 
that ldap as a data source and, after changing the config from

use_tls starttls

to

use_tls ldaps

and updating the ssl version to tls 1.3, those queries work. So, we know 
that sympa can connect and query with the new config.

Two questions:

1. Is there anything other than the port number that can indicate in the 
named search that we want an ldaps connection in a named filter?

2. Is there any way to tell named filters which version of SSL you want 
to use?

Thanks,
Warren

--
Warren G Anderson
LIGO Laboratory, CIT