Due to the SSL POODLE vulnerability, it is best to remove support for the outdated SSLv3 protocol. As OpenLDAP with GnuTLS is a beast of its own, here’s the quick change to remove SSLv3 support:

cat > nossl.ldif <<EOF
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f nossl.ldif

And we’re done! Obviously, if you already have olcTLSCipherSuite set, then use “replace” instead of “add”.
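The choice between “add” and “replace” can be made from the current cn=config entry. This is an added example, not part of the original post: the function names `build_tls_ldif` and `apply_tls_change` are hypothetical, and skipping the change when the value is already correct is an assumption about the behaviour you want.

```shell
#!/bin/sh
# Added example: pick "add" or "replace" for olcTLSCipherSuite automatically.
PRIORITY='SECURE256:-VERS-SSL3.0'   # GnuTLS priority string from the post

# Reads `ldapsearch -LLL` output for cn=config on stdin and prints the LDIF
# needed to set olcTLSCipherSuite to $PRIORITY.
# Prints nothing when the attribute already holds exactly that value.
build_tls_ldif() {
    # LDAP attribute names are case-insensitive, so match in lower case.
    # A base64 value ("attr:: ...") is simply treated as "already present".
    current=$(awk 'tolower($0) ~ /^olctlsciphersuite:/ {
                       sub(/^[^:]*:[ ]*/, ""); print; exit }')
    if [ "$current" = "$PRIORITY" ]; then
        return 0                      # already configured, nothing to do
    fi
    if [ -n "$current" ]; then
        op=replace                    # attribute exists with another value
    else
        op=add                        # attribute is absent
    fi
    printf 'dn: cn=config\nchangetype: modify\n%s: olcTLSCipherSuite\n' "$op"
    printf 'olcTLSCipherSuite: %s\n' "$PRIORITY"
}

# Live use on the slapd host (same SASL EXTERNAL / ldapi access as the post).
# Not called automatically; run `apply_tls_change` yourself.
apply_tls_change() {
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config -s base \
        olcTLSCipherSuite | build_tls_ldif > nossl.ldif
    if [ -s nossl.ldif ]; then
        ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f nossl.ldif
    else
        echo "olcTLSCipherSuite already set to $PRIORITY"
    fi
}
```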