Currently, TLSv1/SSL support is available only within some libraries of the Secured LDAP clients, so that, for example, LDAP requests that result from a name-resolution request by applications running on the client system are SSL encrypted when sent over the network (if the parameter authenticationMethod=tls:... has been defined in the client's profile).
Since TLSv1/SSL support has not yet been integrated into the ldap_cachemgr daemon, customers who use TLSv1/SSL on their LDAP clients (due to their security requirements) are still forced to leave their Directory Server listening for LDAP requests on port 389. Otherwise the ldap_cachemgr will not work and will not even start up on the Secured LDAP clients.
So it is a requirement to get TLSv1/SSL support fully integrated into the ldap_cachemgr daemon.
TLSv1/SSL support also needs to be integrated into all commands that are bundled with Solaris and that communicate with a Directory Server.
These commands are:
/usr/sbin/ldapaddent
/usr/sbin/ldapclient
/usr/sbin/ldap_gen_profile (on Solaris 8 only)
/usr/bin/ldapadd
/usr/bin/ldapdelete
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch