Some customers may have servers that require encrypted sessions even on port 389.
The default LDAPS health monitor configuration enables STARTTLS, but this requires the port to be set to 636.
To configure an LDAP health monitor with STARTTLS on port 389, the only option is to use an external health monitor.
See the sample script below.
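#!/bin/bash
# Base-scope search of the root object (empty base DN) over STARTTLS.
# grep prints the result line only when the search succeeded.
ldapsearch -ZZ -h "$IP" -b "" -s base "objectClass=*" -D "$USER" -w "$PASS" | grep "result: 0 Success"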
For example, put the bind DN in the username field of the external health monitor's configuration and the password in the password field. This script can be adapted to run a much more granular query; the example shown above is a simple query for the root object in the directory.
The -ZZ option tells ldapsearch to use STARTTLS and to fail if STARTTLS is not available.
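
The following is an added example, not part of the original script or the vendor's code: the same query with time limits, and with the reason for a failure (STARTTLS, bind, or anything else) reported separately. $IP, $USER and $PASS are used as in the script above; $PORT, the 5-second limits and the verdict strings are assumptions.

```shell
#!/bin/bash
# Added example, not the vendor's script. $IP, $USER and $PASS are used as in
# the page's script; $PORT, the 5-second limits and the verdict strings are
# assumptions made for this example.

# Turn one ldapsearch run (exit status plus combined stdout/stderr) into a verdict.
ldap_verdict() {
    local rc="$1" out="$2"
    case "$out" in
        # -ZZ makes ldapsearch stop here; with a single -Z it could carry on
        # in cleartext, so any STARTTLS error counts as DOWN whatever the status.
        *ldap_start_tls:*) echo "DOWN: STARTTLS failed"; return ;;
    esac
    case "$rc:$out" in
        0:*"result: 0 Success"*) echo "UP: STARTTLS negotiated, bind and search succeeded" ;;
        49:*) echo "DOWN: bind rejected (invalid credentials)" ;;  # LDAP result code 49
        *)    echo "DOWN: ldapsearch exit status $rc" ;;
    esac
}

# Run the page's query with network and search time limits added.
# Prints on stdout only when healthy (as the page's grep does); the reason for
# a failure goes to stderr. -w puts the password on the command line;
# ldapsearch can read it from a file with -y instead.
check_ldap_starttls() {
    local out rc verdict
    out=$(ldapsearch -ZZ -o nettimeout=5 -l 5 -h "$IP" -p "${PORT:-389}" \
            -b "" -s base "objectClass=*" -D "$USER" -w "$PASS" 2>&1)
    rc=$?
    verdict=$(ldap_verdict "$rc" "$out")
    case "$verdict" in
        UP:*) echo "$verdict"; return 0 ;;
        *)    echo "$verdict" >&2; return 1 ;;
    esac
}

# Run the probe only when the monitor has supplied a target address.
if [ -n "${IP:-}" ]; then
    check_ldap_starttls
fi
```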