Re: SSL/TLS connection on port 389
--On Monday, January 28, 2008 5:10 PM +0000 Chris Carr
> On Mon, 2008-01-28 at 09:00 -0800, Quanah Gibson-Mount wrote:
>> --On Monday, January 28, 2008 2:57 PM +0000 Chris Carr
>>> Hi All,
>>> I've been running slapd with "-h ldaps:///" so that it takes SSL/TLS
>>> connections on port 636. This has worked with most clients (Outlook,
>>> Seamonkey, Thunderbird) but does not work for Evolution. I don't know
>>> why not, but Evolution seems to insist on using port 389 for secure
>>> When I type
>>> openssl s_client -connect my.server.com:389
>> If you read the documentation on openssl, it clearly states it doesn't
>> support doing LDAP startTLS over port 389.
> I thought startTLS was supposed to be the replacement for ldaps, so that
> only one port was needed for both secure and insecure connections.
> Wasn't that discussed on this list quite recently? I have definitely

You are correct, startTLS is the replacement for LDAPS. My point is, if
you read the documentation about the "openssl s_client" command, the
openssl folks have yet to add support for LDAP startTLS to it. Which is
why using that command in your case for testing it is pointless.
As for the Debian 2.4.7 package, there's a bug already tracking this issue.
I'm not clear if it is a GnuTLS bug or an OpenLDAP bug or both. I don't
use OpenLDAP with GnuTLS myself. ;)
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration