On Sat, 1 Nov 2008, Filipe Brandenburger wrote:
If you are using "ssl start_tsl" you have to use ldap:// and not ldaps:// in your referrals, otherwise LDAP client will try to open a TLS session inside the connection which is already a SSL session. If you change that in your configuration file, it should work fine.
Thank you very much Filipe; you are a star. Of course it works now. I have been doing this long enough that I should have seen that; sometimes the cause is so obvious that you look right past it at other details. Having made such a noob mistake, I'm surprised that more things didn't work.
Steve