
Re: SSL/TLS connection on port 389



On Mon, 2008-01-28 at 09:00 -0800, Quanah Gibson-Mount wrote:
> --On Monday, January 28, 2008 2:57 PM +0000 Chris Carr 
> 
> > Hi All,
> >
> > I've been running slapd with "-h ldaps:///" so that it takes SSL/TLS
> > connections on port 636. This has worked with most clients (Outlook,
> > Seamonkey, Thunderbird) but does not work for Evolution. I don't know
> > why not, but Evolution seems to insist on using port 389 for secure
> > connections.
> >
> > When I type
> >
> > openssl s_client -connect my.server.com:389
> 
> If you read the documentation on openssl, it clearly states it doesn't 
> support doing LDAP startTLS over port 389.

I thought startTLS was supposed to be the replacement for ldaps, so that
only one port was needed for both secure and insecure connections.
Wasn't that discussed on this list quite recently? I have definitely
misunderstood something. 

Still, at least I can now focus on why Evolution isn't connecting
properly on port 636. 

> I suggest using ldapsearch -ZZ -H ldap://my.server.com:389/

That gives me "Can't contact LDAP server (-1)". Same if I use :636 in
fact.

CC
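
Added illustration, not part of the original messages: a Python sketch of why a bare TLS client gets nowhere on an ldap:// listener. With ldaps:// the first bytes on the wire are a TLS record; with StartTLS the client first sends a plain LDAP ExtendedRequest (OID 1.3.6.1.4.1.1466.20037) and starts TLS only after a success response. The sample bytes and function names are constructed for this example.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def tlv(tag, value):
    """Encode one BER tag-length-value with a short-form length (< 128 bytes)."""
    if len(value) > 127:
        raise ValueError("short-form length only")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    if not 0 < msg_id < 128:
        raise ValueError("single-byte messageID only")
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def read_tlv(buf, pos):
    """Decode one short-form TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length > 127 or pos + 2 + length > len(buf):
        raise ValueError("truncated or long-form TLV")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def starttls_result(resp):
    """Return resultCode of an ExtendedResponse; 0 means 'begin the TLS handshake now'."""
    tag, body, _ = read_tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body, 0)            # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:                          # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A:                          # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def first_bytes_kind(data):
    """Classify what a listener sees first: a TLS record or an LDAP BER SEQUENCE."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"               # what an ldaps:// port expects
    if data[:1] == b"\x30":
        return "ldap-ber"                    # what an ldap:// port expects
    return "unknown"

# Constructed samples: a TLS record header and two minimal ExtendedResponses.
SAMPLE_TLS_RECORD_HEADER = bytes.fromhex("1603010200")
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_PROTOCOL_ERROR = bytes.fromhex("300c02010178070a010204000400")
```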
