
Re: LDAP talking on ports 636 and 389 at same time?



Thu, 2002-09-05 at 06:27, Christine Robertson wrote:

> We are using OpenLDAP 2.0.23 on FreeBSD 4.6, using TLS/SSL
> but not SASL.  Recently I realised that when I used
> ldapsearch -H ldaps://ldap.au.cordoors.com ....
> the results of my inquiry were returned encrypted from
> port  636, which is kind of what I expected, AND in
> clear text from port 389.

> This only seems to be happening from one of our client machines;
> the others are getting queries returned only via port 636.
> Can anyone suggest what bit of my configuration I should
> go looking in to find out why this is happening?  As far as I
> know, our configurations are very similar everywhere, except
> for which directories are masters and which are slaves.

I've only ever run 2.1 seriously, never 2.0, but this is what I've
gleaned from the guide and "man slapd" - and implement myself:

If you tell slapd to run ldaps explicitly in your startup script, it will
default to port 636, *unless* you have another ldaps port defined in
/etc/services. Then it will use that port. This would normally be 636
(is in mine, for example), but it could be any free port, where both TCP
and UDP are specified.

I repeat that this is for 2.1(.4), but 2.0 could default to 389.

However, the startup script can force it to start up on any port by
specifying an IP number or an FQDN followed by a colon and the port
number.

Best,

Tony

-- 

Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telephone:	(+31) (0)172 530428
Mobile:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981


Attachment: signature.asc
Description: This is a digitally signed message part
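
A check for the listener URL list that the startup script hands to slapd (its -h option), as an added example that is not part of the original post. The function name and the sample hosts are constructed for illustration; the only assumptions are the standard default ports, 389 for ldap:// and 636 for ldaps://.

```shell
#!/bin/sh
# Added example (not from the thread): list the listeners a "slapd -h" URL
# list opens and flag cleartext-capable ones that are reachable off-host.
# An ldap:// listener accepts unencrypted traffic unless the server is
# configured to require TLS; an empty host means "all interfaces".

audit_slapd_urls() {
    # $1: the space-separated URL list exactly as passed to "slapd -h"
    rc=0
    set -f                      # keep "[::1]" from being treated as a glob
    for url in $1; do
        scheme=${url%%://*}
        hostport=${url#*://}
        hostport=${hostport%%/*}
        case $scheme in
            ldap)  port=389; kind=cleartext ;;
            ldaps) port=636; kind=tls ;;
            ldapi) echo "ldapi unix-socket - local"; continue ;;
            *)     echo "unknown $url - skipped"; continue ;;
        esac
        case $hostport in
            \[*\]:*) host=${hostport%:*}; port=${hostport##*:} ;;  # [v6]:port
            \[*\])   host=$hostport ;;                              # [v6]
            *:*)     host=${hostport%:*}; port=${hostport##*:} ;;  # host:port
            *)       host=$hostport ;;
        esac
        [ -n "$host" ] || host='*'
        verdict=ok
        if [ "$kind" = cleartext ]; then
            case $host in
                127.*|localhost|\[::1\]) verdict=ok-loopback ;;
                *) verdict=EXPOSED; rc=1 ;;
            esac
        fi
        echo "$scheme $host $port $verdict"
    done
    set +f
    return $rc
}

# Constructed sample arguments, not the original poster's configuration.
audit_slapd_urls "ldaps://ldap.example.org:636/ ldap://127.0.0.1/" || true
audit_slapd_urls "ldap:/// ldaps:///" || true
```

A non-zero return means at least one ldap:// listener is bound to a non-loopback address, which is the situation in which a client can receive results in clear text on port 389.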