There were a couple of differences in the dse.ldif: hostname checking was on and the cipher list was more restrictive. I've updated via ldapmodify and restarted the DS which caused the changes to be reflected in dse.ldif. No change to behaviour though.

This is the working adm.conf:

userdn: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
sysuser: dirsrv
sysgroup: dirsrv
SuiteSpotUserID: dirsrv
SuiteSpotGroup: dirsrv
sie: cn=admin-serv-ldap,cn=389 Administration Server,cn=Server Group,cn=ldap.example.com,ou=example.com,o=NetscapeRoot
securitydir: /etc/dirsrv/admin-serv
ldapurl: ldap://ldap.exmaple.com:389/o=NetscapeRoot
ldapStart: /usr/sbin/start-dirsrv ldap
isie: cn=389 Administration Server,cn=Server Group,cn=ldap.example.com,ou=example.com,o=NetscapeRoot
AdminDomain: example.com

The only difference when it fails is that the ldapurl becomes:

ldapurl: ldaps://ldap.exmaple.com:636/o=NetscapeRoot