[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP talking on ports 636 and 389 at same time?



>>We are using OpenLDAP 2.0.23 on FreeBSD 4.6, using TLS/SSL
>>but not SASL.  Recently I realised that when I used
>>ldapsearch -H ldaps://ldap.au.cordoors.com ....
>>the results of my inquiry were returned encrypted from
>>port  636, which is kind of what I expected, AND in
>>clear text from port 389.
>>This only seems to be happening from one of our client machines;
>>the others are getting queries returned only via port 636.
>>Can anyone suggest what bit of my configuration I should
>>go looking in to find out why this is happening?  As far as I
>>know, our configurations are very similar everywhere, except
>>for which directories are masters and which are slaves.
>I've only ever run 2.1 seriously, never 2.0, but this is what I've
>gleaned from the guide and "man slapd" - and implement myself:
>If you tell slapd to run ldaps explicitly in your startup cript, it will
>default to ports 636, *unless* you have another ldaps port defined in
>/etc/services. Then it will use that port. This would normally be 636
>(is in mine, for example), but it could be any free port, where both TCP
>and UDP are specified.
>I repeat that this is for 2.1(.4), but 2.0 could default to 389.

The standard port for LDAP is 389, all DSA's will listen on 389.  636 is
for encrypted LDAP  since one of the clients either doesn't support SSL,
etc..., or is configured not to use it is calling the DSA on 389, and
not 636. Hence the "s" in "ldaps", and lack of s-ness in "ldap".