
Re: v2/v3 clear/ssl/tls



Hi,

On Thursday 30 October 2003 11:17, Bedo Sandor wrote:
> Could somebody explain to me which port is used for
> tls, if I start up a slapd with the "allow bind_v2"
> in the config, and with the -h "ldap:/// ldaps:///"?
>
> On tcp/389 there's the LDAPv2 and v3 without any
> 	encryption,
>
> on tcp/636 there's LDAPv3 with StartTLS request,
> 	and LDAPv2 over SSL.
>
> Am I misunderstanding something?

AFAIK LDAPv3/startTLS works with tcp/389, while tcp/636 is for LDAPS only.

startTLS converts an unencrypted connection into an encrypted one
(ideally done before the bind() ;-), while LDAPS on 636 already starts 
encrypted (i.e. LDAP does not even know about the encryption because 
it is done on a lower layer).

I do not think that tcp/636 is restricted to v2 only, but also allows v3.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de
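
The port distinction described in the reply above can be checked from the first client bytes of a connection. The following is an added example, not part of the original message or of OpenLDAP: it labels a client-to-server byte stream as TLS from the first byte (LDAPS style), StartTLS sent before any password, or a simple bind carrying a password in the clear. The function names, labels and sample streams are constructed for illustration, and it assumes the buffer holds whole LDAP messages.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (LDAPv3 only)

def tlv(tag, value):  # encode one BER TLV; short-form length is enough for the samples
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_client_stream(data):
    """Label the first client-to-server bytes of one connection."""
    if data[:2] == b"\x16\x03":  # TLS handshake record first: LDAPS
        return "tls-from-first-byte"
    pos = 0
    while pos < len(data) and data[pos] == 0x30:  # LDAPMessage SEQUENCE
        _, msg, pos = read_tlv(data, pos)
        _, _, p = read_tlv(msg, 0)  # skip messageID
        op, body, _ = read_tlv(msg, p)
        if op == 0x77:  # ExtendedRequest
            name_tag, name, _ = read_tlv(body, 0)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "starttls-before-credentials"
        elif op == 0x60:  # BindRequest: version, DN, authentication choice
            _, version, p = read_tlv(body, 0)
            _, _, p = read_tlv(body, p)
            auth_tag, cred, _ = read_tlv(body, p)
            if auth_tag == 0x80 and cred:  # simple bind carrying a password
                return "cleartext-simple-bind-v%d" % version[0]
    return "no-cleartext-credentials-seen"

# Constructed sample streams (built here, not captured traffic).
def ldap_msg(op):
    return tlv(0x30, tlv(0x02, b"\x01") + op)

def simple_bind(version, password):
    dn = tlv(0x04, b"cn=admin,dc=example,dc=com")
    return ldap_msg(tlv(0x60, tlv(0x02, bytes([version])) + dn + tlv(0x80, password)))

STARTTLS_THEN_TLS = ldap_msg(tlv(0x77, tlv(0x80, STARTTLS_OID))) + b"\x16\x03\x01\x00\x00"
```

A bind sent after StartTLS is inside the TLS session and is not visible to this check, which is why it stops at the StartTLS request.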