
Re: what's the difference?



> Christopher Schadl wrote:
>
>> Port 636 is used for LDAP over SSL.  In order for that to work, you will
>> need to have generated an SSL certificate for the LDAP server to use,
>> and the SSL certificate will have to have the fully qualified domain
>> name of the LDAP server set as its Common Name attribute.  If you're
>> just communicating with the LDAP server in question via localhost, then
>> you shouldn't need SSL, (you can just set the -p option to use the
>> default LDAP port of 389) however, if you're communicating over a
>> network then you should definitely read
>> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html for more
>> information on setting up SSL/TLS.
> yes, sorry.. I should have mentioned that.

definitely.

> my ldap _is_ listening on 636
> over ssl already.
>
> netstat -tnpl  shows slapd listening on 0.0.0.0:636. all certificates
> are available. that's not the problem. :-)

"ldapsearch -p 636 -h hostname" has nothing to do with ldap over ssl. This
does plain ldap over port 636, as per the separate meaning of the above
options.  To do ldap over ssl you need "-H ldaps://hostname", which
carries a bit more info than "-p 636 -h hostname": the protocol.

>
>
> but I will check out if the order of options will change things.

You can save time by trusting people: the order does matter.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it





    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
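
Added example, not part of the original message: a small shell check that classifies which transport an ldapsearch command line asks for, so scripts that pass "-p 636 -h hostname" without an ldaps:// URI can be found. The function name ldap_transport and its output labels are hypothetical; it only inspects the -H, -h, -p and -Z/-ZZ options and assumes a -H URI takes precedence over -p.

```shell
# Classify the transport requested by an ldapsearch argument list.
# Prints one of: ldaps | starttls | plain | plain-on-636
# (labels are constructed for this example, not OpenLDAP output)
ldap_transport() {
    uri="" port="" starttls=no
    while [ $# -gt 0 ]; do
        case "$1" in
            -H) uri=${2-};  [ $# -gt 1 ] && shift ;;
            -p) port=${2-}; [ $# -gt 1 ] && shift ;;
            -h) [ $# -gt 1 ] && shift ;;   # a host name says nothing about the protocol
            -Z|-ZZ) starttls=yes ;;        # StartTLS upgrade on a plain LDAP connection
        esac
        shift
    done

    case "$uri" in
        ldaps://*)
            # Only the URI scheme selects LDAP over SSL/TLS from the first byte.
            echo ldaps; return 0 ;;
        ldap://*)
            # Pull an explicit port out of ldap://host:port/...
            hostport=${uri#ldap://}
            hostport=${hostport%%/*}
            case "$hostport" in
                *]:*) port=${hostport##*]:} ;;   # [IPv6 literal]:port
                *])   ;;                         # [IPv6 literal] without a port
                *:*)  port=${hostport##*:} ;;
            esac ;;
    esac

    if [ "$starttls" = yes ]; then
        echo starttls
    elif [ "$port" = 636 ]; then
        # Plain LDAP spoken to the port where slapd expects an SSL handshake.
        echo plain-on-636
    else
        echo plain
    fi
}

# The two invocations compared in the message above (hostname is a placeholder).
ldap_transport -p 636 -h hostname      # plain-on-636
ldap_transport -H ldaps://hostname     # ldaps
```
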