[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: v2/v3 clear/ssl/tls

To: Bedo Sandor <bsanyi@sunserv.kfki.hu>, openldap-software@OpenLDAP.org
Subject: Re: v2/v3 clear/ssl/tls
From: Peter Marschall <peter@adpm.de>
Date: Thu, 30 Oct 2003 13:08:21 +0100
Content-disposition: inline
In-reply-to: <20031030101718.GC28054@sunserv.kfki.hu>
Organization: ADPM
References: <20031030101718.GC28054@sunserv.kfki.hu>
User-agent: KMail/1.5.1

Hi,

On Thursday 30 October 2003 11:17, Bedo Sandor wrote:
> Could somebody explain me, which port is used to
> tls, if I start up a slapd with the "allow bind_v2"
> in the config, and with the -h "ldap:/// ldaps:///"?
>
> On tcp/389 there's the LDAPv2 and v3 without any
> 	crypting,
>
> on tcp/636 there's LDAPv3 with StartTLS request,
> 	and LDAPv2 ower SSL.
>
> Am I something misunderstanding?

AFAIK LDAPv3/startTLS works with tcp/389, while tcp/636 is for LDAPS only.

startTLS converts an unencrypted connection into an ecrypted one
(ideally done before the bind() ;-), while LDAPS on 636 already starts 
encrypted (i.e. LDAP does not even know about the encryption because 
it is done on a lower layer).

I do not think that tcp/636 is restricted to v2 only, but also allows v3.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de

References:
- v2/v3 clear/ssl/tls
  - From: Bedo Sandor <bsanyi@sunserv.kfki.hu>

Prev by Date: Re: Problem getting started with openLDAP
Next by Date: Re: about case-sensitive (again)
Index(es):
- Chronological
- Thread