
Re: Reg:ldapsearch not running on port 636

sridhar varadarajan writes:
> I have added these lines to slapd.conf (path of my server and client
> certificates) and ldap.conf with (HOST rsasol1, PORT 636).

That is wrong.  Clients do not deduce the protocol from the port, they
deduce the default port from the protocol.  So your client tries to use
the ldap protocol against port 636, which presumably listens for the
ldaps protocol.

If you want to default to ldaps, remove HOST and PORT and instead use
   URI ldaps://<fully qualified host name>/
in ldap.conf.

Note that the hostname in the URL must match a hostname in your
server certificate (i.e. the 'cn' or a Subject Alt Name extension),
otherwise it looks to the client like the connection has been hijacked
(it got the certificate of another host than it tried to connect to).
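
Added example (not part of the original message, and not OpenLDAP code): a small Python check of the two points in the reply above. It flags an ldap.conf that sets PORT 636 without an ldaps:// URI, and tests whether the URI host appears among a certificate's names. The function names, the example.com host name and the certificate name list are constructed for illustration, and the wildcard rule is a simplified left-most-label match.

```python
from urllib.parse import urlsplit

def parse_ldap_conf(text):
    """Return {KEYWORD: value} from ldap.conf text (keywords are case-insensitive)."""
    opts = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        opts[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def name_matches(host, pattern):
    """Exact match, or '*' standing for exactly one left-most label (simplified)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check(conf_text, cert_names):
    """cert_names: the certificate's cn plus any Subject Alt Name DNS entries."""
    opts, problems = parse_ldap_conf(conf_text), []
    uris = opts.get("URI", "").split()
    if not uris and opts.get("PORT") == "636":
        # The case from the question: the protocol stays ldap, only the port changes.
        problems.append("PORT 636 without URI: client speaks ldap to the ldaps port")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "ldaps":
            problems.append(f"{uri}: scheme is not ldaps")
        elif not any(name_matches(parts.hostname or "", n) for n in cert_names):
            problems.append(f"{uri}: host not in certificate names {cert_names}")
    return problems

# Constructed sample input: the config from the question and two candidate fixes.
CERT_NAMES = ["rsasol1.example.com"]       # hypothetical cn of the server certificate
BROKEN = "HOST rsasol1\nPORT 636\n"
SHORT_NAME = "URI ldaps://rsasol1/\n"      # ldaps, but not a name in the certificate
FIXED = "URI ldaps://rsasol1.example.com/\n"

if __name__ == "__main__":
    for label, conf in [("broken", BROKEN), ("short name", SHORT_NAME), ("fixed", FIXED)]:
        print(label, "->", check(conf, CERT_NAMES) or "ok")
```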