Already have, but it doesn't seem like a very "active" forum, hence I thought I'd try here.

lhaeger;2457676 wrote:
gbatty1 wrote:

> Softerra just advises the
> server is down, but Apache Directory Studio is connecting fine.

You might want to ask in http://www.ldapadministrator.com/forum/ then...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

gbatty1 wrote:

> Already have, but it doesn't seem like a very "active" forum, hence I
> thought I'd try here.

Since Apache can connect, it isn't a server side problem and you won't find
much help here. My guess is that Softerra needs to update the TLS code in it's
LDAP Admin tool to support the latest EC-based ciphers to make this work.

Did you check an Edir LDAP trace (or a packet trace) to see at which point the
connection attempt fails and which error code/message you get? I would not be
surprised if it was something like an SSLHandshakeException saying "no cipher
suites in common"...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

Agreed; Softerra has never been super-intelligent about how they handle
TLS, breaking rules once they finally did make it work. I suppose that
has changed since I was in Support and had to help customers figure out
that they should just use Apache Directory Studio instead, but your
feedback is not very encouraging..

The most-likely problem would likely be support for strong ciphersuites
which your eDir box is enforcing and your Softerra product cannot handle,
which both matches them historically and your description currently. The
only option you have is to fix the client, unless you want to downgrade
security on the eDirectory side which, of course, isn't a good idea ever.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Thanks guys,

Appreciate your input.

After further troubleshooting, it was a windows issue. I reverted back to another certificate and was testing enabling / disabling protocols / ciphers as listed here.

It became evident whilst my browsers could "talk" TLS 1.2, my softerra install was limited to TLS 1. The thread here goes into the changes I needed to make locally.

Try using Apache Studio.
Does a MUCH nicer job.
http://directory.apache.org/studio/