Re: v2/v3 clear/ssl/tls
Hi,
On Thursday 30 October 2003 11:17, Bedo Sandor wrote:
> Could somebody explain to me which port is used for
> TLS, if I start up a slapd with the "allow bind_v2"
> in the config, and with the -h "ldap:/// ldaps:///"?
>
> On tcp/389 there's the LDAPv2 and v3 without any
> encryption,
>
> on tcp/636 there's LDAPv3 with StartTLS request,
> and LDAPv2 over SSL.
>
> Am I misunderstanding something?
AFAIK LDAPv3/startTLS works with tcp/389, while tcp/636 is for LDAPS only.
startTLS converts an unencrypted connection into an encrypted one
(ideally done before the bind() ;-), while LDAPS on 636 already starts
encrypted (i.e. LDAP does not even know about the encryption because
it is done on a lower layer).
I do not think that tcp/636 is restricted to v2 only, but also allows v3.
Peter
--
Peter Marschall
eMail: peter@adpm.de
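
Added example, not part of the original thread: a small Python check that tells the two cases in the reply apart from the client's first bytes, and flags a bind sent before StartTLS on a cleartext connection. The function names and the sample messages are constructed for illustration; the only protocol constants used are the BER tags for BindRequest and ExtendedRequest and the StartTLS OID.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation

def tlv(buf, pos=0):
    """Read one BER TLV (single-byte tag); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def enc(tag, value):
    """Encode one BER TLV with a short-form length (enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def ldap_op(msg):
    """Name the protocolOp carried by one cleartext LDAPMessage."""
    tag, body, _ = tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = tlv(body)               # skip messageID
    op, op_body, _ = tlv(body, pos)
    if op == 0x60:                      # [APPLICATION 0] BindRequest
        return "bind"
    if op == 0x77:                      # [APPLICATION 23] ExtendedRequest
        name_tag, name, _ = tlv(op_body)
        if name_tag == 0x80 and name == STARTTLS_OID:
            return "starttls"
    return "other"

def classify(client_msgs):
    """Verdict from the client's first messages on one connection."""
    if client_msgs[0][:2] == b"\x16\x03":   # TLS handshake record: ldaps://
        return "tls-from-first-byte"
    for m in client_msgs:                   # cleartext LDAP, as on ldap://
        op = ldap_op(m)
        if op == "starttls":
            return "starttls-before-bind"   # later bytes are TLS records
        if op == "bind":
            return "cleartext-bind"         # credentials sent unencrypted
    return "cleartext-no-bind"

# Constructed sample messages (not captured traffic).
STARTTLS_REQ = enc(0x30, enc(0x02, b"\x01") + enc(0x77, enc(0x80, STARTTLS_OID)))
BIND_REQ = enc(0x30, enc(0x02, b"\x02") + enc(0x60, enc(0x02, b"\x03")
               + enc(0x04, b"cn=test,dc=example,dc=com") + enc(0x80, b"constructed")))
CLIENT_HELLO_START = b"\x16\x03\x01\x00\x2f"  # start of a TLS handshake record
```
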